Vulnerabilities > Redhat > Openshift Container Platform > 3.11

DATE CVE VULNERABILITY TITLE RISK
2024-01-09 CVE-2023-6476 Allocation of Resources Without Limits or Throttling vulnerability in Redhat Openshift Container Platform 3.11/4.13/4.14
A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined.
network
low complexity
redhat CWE-770
7.5
2023-09-15 CVE-2022-3466 Incorrect Default Permissions vulnerability in multiple products
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600.
local
low complexity
kubernetes redhat CWE-276
5.3
2022-09-13 CVE-2022-2989 Placement of User into Incorrect Group vulnerability in multiple products
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
local
low complexity
podman-project redhat CWE-842
7.1
2022-09-01 CVE-2022-1677 Resource Exhaustion vulnerability in Redhat Openshift Container Platform
In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files.
network
low complexity
redhat CWE-400
6.3
2022-06-07 CVE-2022-1708 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API.
network
low complexity
kubernetes fedoraproject redhat CWE-770
7.5
2022-04-18 CVE-2022-27652 Incorrect Default Permissions vulnerability in multiple products
A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions.
4.6
2021-06-02 CVE-2020-14336 Allocation of Resources Without Limits or Throttling vulnerability in Redhat Openshift Container Platform 3.11/4.5.16/4.6
A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets.
network
low complexity
redhat CWE-770
6.5
2021-05-14 CVE-2020-27833 Link Following vulnerability in Redhat Openshift Container Platform
A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links.
network
high complexity
redhat CWE-59
7.1
2021-03-23 CVE-2021-20270 Infinite Loop vulnerability in multiple products
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
network
low complexity
pygments redhat fedoraproject debian CWE-835
5.0
2021-03-19 CVE-2019-10225 Insufficiently Protected Credentials vulnerability in Redhat Openshift and Openshift Container Platform
A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey.
network
low complexity
redhat CWE-522
6.5