Openshift Container Platform

DATE	CVE	VULNERABILITY TITLE	RISK
2020-07-13	CVE-2020-14298	Improper Check for Dropped Privileges vulnerability in multiple products The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. local low complexity redhat docker CWE-273	8.8
2020-06-12	CVE-2020-10752	Insufficiently Protected Credentials vulnerability in Redhat Openshift Container Platform 3.11/4.0 A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. network high complexity redhat CWE-522	7.5
2020-06-03	CVE-2020-7013	Code Injection vulnerability in multiple products Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. network low complexity elastic redhat CWE-94	7.2
2020-06-03	CVE-2020-10749	A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. network high complexity linuxfoundation redhat fedoraproject	6.0
2020-05-12	CVE-2020-10706	Unspecified vulnerability in Redhat Openshift Container Platform A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. low complexity redhat	6.6
2020-04-24	CVE-2020-1741	Unspecified vulnerability in Redhat Openshift Container Platform 3.11 A flaw was found in openshift-ansible. network high complexity redhat	5.9
2020-04-23	CVE-2020-1760	Cross-site Scripting vulnerability in multiple products A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. network low complexity linuxfoundation redhat fedoraproject canonical debian CWE-79	6.1
2020-04-22	CVE-2020-10712	Unspecified vulnerability in Redhat Openshift Container Platform A flaw was found in OpenShift Container Platform version 4.1 and later. network low complexity redhat	8.2
2020-04-02	CVE-2020-11100	Out-of-bounds Write vulnerability in multiple products In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. network low complexity haproxy debian redhat fedoraproject canonical opensuse CWE-787	8.8
2020-03-31	CVE-2020-10696	Path Traversal vulnerability in multiple products A path traversal flaw was found in Buildah in versions before 1.14.5. network low complexity buildah-project redhat CWE-22	8.8