Vulnerabilities > Redhat > Openshift Container Platform
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-05 | CVE-2019-11255 | Improper Input Validation vulnerability in multiple products Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations. | 6.5 |
| 2019-11-25 | CVE-2019-10213 | Improper Output Neutralization for Logs vulnerability in Redhat Openshift Container Platform 4.1/4.2 OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. | 6.5 |
| 2019-11-25 | CVE-2019-14891 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. | 6.0 |
| 2019-11-25 | CVE-2019-10214 | Insufficiently Protected Credentials vulnerability in multiple products The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. | 4.3 |
| 2019-11-14 | CVE-2018-12207 | Improper Input Validation vulnerability in multiple products Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. | 6.5 |
| 2019-11-05 | CVE-2019-10223 | Information Exposure vulnerability in multiple products A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. | 4.0 |
| 2019-10-17 | CVE-2019-14287 | Improper Handling of Exceptional Conditions vulnerability in multiple products In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. | 8.8 |
| 2019-10-17 | CVE-2019-11253 | XML Entity Expansion vulnerability in multiple products Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. | 7.5 |
| 2019-09-30 | CVE-2019-16276 | HTTP Request Smuggling vulnerability in multiple products Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. | 7.5 |
| 2019-09-25 | CVE-2019-16884 | Incorrect Authorization vulnerability in multiple products runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | 7.5 |