Vulnerabilities > Redhat > Openshift Container Platform > 3.4

DATE CVE VULNERABILITY TITLE RISK
2021-05-14 CVE-2020-27833 Link Following vulnerability in Redhat Openshift Container Platform
A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links.
network
high complexity
redhat CWE-59
7.1
2020-07-13 CVE-2020-14298 Improper Check for Dropped Privileges vulnerability in multiple products
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304.
local
low complexity
redhat docker CWE-273
8.8
2020-04-22 CVE-2020-10712 Information Exposure Through Log Files vulnerability in Redhat Openshift Container Platform
A flaw was found in OpenShift Container Platform version 4.1 and later.
network
low complexity
redhat CWE-532
8.2
2019-07-30 CVE-2019-10165 Information Exposure vulnerability in Redhat Openshift Container Platform
OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server.
local
low complexity
redhat CWE-200
2.1
2019-07-11 CVE-2019-3889 Cross-site Scripting vulnerability in Redhat Openshift Container Platform
A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11.
network
low complexity
redhat CWE-79
5.4
2019-04-01 CVE-2019-3876 Cross-Site Request Forgery (CSRF) vulnerability in Redhat Openshift Container Platform
A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections.
network
low complexity
redhat CWE-352
6.3
2018-12-05 CVE-2018-1002105 7PK - Errors vulnerability in multiple products
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.
network
low complexity
kubernetes redhat netapp CWE-388
critical
9.8
2018-09-06 CVE-2018-14632 Out-of-bounds Write vulnerability in multiple products
An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7.
network
low complexity
redhat starcounter-jack CWE-787
7.7
2018-07-27 CVE-2017-12195 Improper Authentication vulnerability in Redhat Openshift Container Platform
A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin.
network
high complexity
redhat CWE-287
4.8
2018-07-19 CVE-2017-7481 Improper Input Validation vulnerability in multiple products
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe.
network
low complexity
redhat canonical debian CWE-20
7.5