Vulnerabilities > Redhat > Openshift Container Platform > 4.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-04 | CVE-2023-2422 | Improper Certificate Validation vulnerability in Redhat products A flaw was found in Keycloak. | 7.1 |
| 2023-09-24 | CVE-2023-1260 | An authentication bypass vulnerability was discovered in kube-apiserver. | 8.0 |
| 2023-09-22 | CVE-2022-4039 | Incorrect Default Permissions vulnerability in Redhat products A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. | 9.8 |
| 2023-09-20 | CVE-2022-3916 | Insufficient Session Expiration vulnerability in Redhat products A flaw was found in the offline_access scope in Keycloak. | 6.8 |
| 2023-09-20 | CVE-2023-4853 | Incorrect Authorization vulnerability in multiple products A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. | 8.1 |
| 2023-08-04 | CVE-2023-0264 | Improper Authentication vulnerability in Redhat products A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. | 5.0 |
| 2023-07-05 | CVE-2023-3089 | Weak Password Requirements vulnerability in Redhat products A compliance problem was found in the Red Hat OpenShift Container Platform. | 7.5 |
| 2023-03-29 | CVE-2022-1274 | Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in Keycloak in the execute-actions-email endpoint. | 5.4 |
| 2023-03-23 | CVE-2023-0056 | Resource Exhaustion vulnerability in multiple products An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. | 6.5 |
| 2022-09-01 | CVE-2022-1677 | Unspecified vulnerability in Redhat Openshift Container Platform In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. | 6.3 |