Vulnerabilities > Redhat > Openshift Container Platform

DATE CVE VULNERABILITY TITLE RISK
2020-07-13 CVE-2020-14298 Improper Check for Dropped Privileges vulnerability in multiple products
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304.
local
low complexity
redhat docker CWE-273
8.8
2020-06-12 CVE-2020-10752 Insufficiently Protected Credentials vulnerability in Redhat Openshift Container Platform 3.11/4.0
A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred.
network
high complexity
redhat CWE-522
7.5
2020-06-03 CVE-2020-7013 Code Injection vulnerability in multiple products
Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB.
network
low complexity
elastic redhat CWE-94
7.2
2020-06-03 CVE-2020-10749 A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks.
network
high complexity
linuxfoundation redhat fedoraproject
6.0
2020-05-12 CVE-2020-10706 Unspecified vulnerability in Redhat Openshift Container Platform
A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled.
low complexity
redhat
6.6
2020-04-24 CVE-2020-1741 Unspecified vulnerability in Redhat Openshift Container Platform 3.11
A flaw was found in openshift-ansible.
network
high complexity
redhat
5.9
2020-04-23 CVE-2020-1760 Cross-site Scripting vulnerability in multiple products
A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3.
6.1
2020-04-22 CVE-2020-10712 Unspecified vulnerability in Redhat Openshift Container Platform
A flaw was found in OpenShift Container Platform version 4.1 and later.
network
low complexity
redhat
8.2
2020-04-02 CVE-2020-11100 Out-of-bounds Write vulnerability in multiple products
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
8.8
2020-03-31 CVE-2020-10696 Path Traversal vulnerability in multiple products
A path traversal flaw was found in Buildah in versions before 1.14.5.
network
low complexity
buildah-project redhat CWE-22
8.8