Vulnerabilities > Redhat > Openshift Container Platform

DATE CVE VULNERABILITY TITLE RISK
2023-09-27 CVE-2023-4066 Cleartext Storage of Sensitive Information vulnerability in Redhat products
A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker.
local
low complexity
redhat CWE-312
5.5
2023-09-27 CVE-2023-4065 Incorrect Default Permissions vulnerability in Redhat products
A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log.
local
low complexity
redhat CWE-276
5.5
2023-09-27 CVE-2023-3223 Unspecified vulnerability in Redhat products
A flaw was found in undertow.
network
low complexity
redhat
7.5
2023-09-24 CVE-2023-1260 An authentication bypass vulnerability was discovered in kube-apiserver.
network
high complexity
kubernetes redhat
8.0
2023-09-22 CVE-2022-4039 Incorrect Default Permissions vulnerability in Redhat products
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled.
network
low complexity
redhat CWE-276
critical
9.8
2023-09-20 CVE-2022-3916 Insufficient Session Expiration vulnerability in Redhat products
A flaw was found in the offline_access scope in Keycloak.
network
high complexity
redhat CWE-613
6.8
2023-09-20 CVE-2023-4853 Incorrect Authorization vulnerability in multiple products
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions.
network
high complexity
quarkus redhat CWE-863
8.1
2023-09-15 CVE-2022-3466 Incorrect Default Permissions vulnerability in multiple products
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600.
local
low complexity
kubernetes redhat CWE-276
5.3
2023-09-14 CVE-2023-1108 Infinite Loop vulnerability in multiple products
A flaw was found in undertow.
network
low complexity
redhat netapp CWE-835
7.5
2023-08-04 CVE-2023-0264 Improper Authentication vulnerability in Redhat products
A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests.
network
high complexity
redhat CWE-287
5.0