Vulnerabilities > Redhat > Openshift Container Platform > 3.7

DATE CVE VULNERABILITY TITLE RISK
2021-05-14 CVE-2020-27833 Link Following vulnerability in Redhat Openshift Container Platform
A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links.
network
high complexity
redhat CWE-59
7.1
2020-07-13 CVE-2020-14298 Improper Check for Dropped Privileges vulnerability in multiple products
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304.
local
low complexity
redhat docker CWE-273
8.8
2020-04-22 CVE-2020-10712 Information Exposure Through Log Files vulnerability in Redhat Openshift Container Platform
A flaw was found in OpenShift Container Platform version 4.1 and later.
network
low complexity
redhat CWE-532
8.2
2019-07-30 CVE-2019-10165 Information Exposure vulnerability in Redhat Openshift Container Platform
OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server.
local
low complexity
redhat CWE-200
2.1
2019-07-11 CVE-2019-3889 Cross-site Scripting vulnerability in Redhat Openshift Container Platform
A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11.
network
low complexity
redhat CWE-79
5.4
2019-06-12 CVE-2019-10150 Improper Authentication vulnerability in Redhat Openshift Container Platform
It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds.
network
high complexity
redhat CWE-287
5.9
2019-04-01 CVE-2019-3876 Cross-Site Request Forgery (CSRF) vulnerability in Redhat Openshift Container Platform
A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections.
network
low complexity
redhat CWE-352
6.3
2018-09-06 CVE-2018-14632 Out-of-bounds Write vulnerability in multiple products
An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7.
network
low complexity
redhat starcounter-jack CWE-787
7.7
2018-07-27 CVE-2017-12195 Improper Authentication vulnerability in Redhat Openshift Container Platform
A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin.
network
high complexity
redhat CWE-287
4.8
2018-07-02 CVE-2018-10843 Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift Container Platform
source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container.
network
low complexity
redhat CWE-732
critical
9.0