Vulnerabilities > Redhat > Openshift Container Platform

DATE CVE VULNERABILITY TITLE RISK
2023-10-06 CVE-2023-5366 Insufficient Verification of Data Authenticity vulnerability in multiple products
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules.
local
low complexity
openvswitch redhat CWE-345
5.5
2023-10-05 CVE-2022-3248 Incorrect Authorization vulnerability in Redhat products
A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions.
network
low complexity
redhat CWE-863
7.5
2023-10-05 CVE-2022-4145 Injection vulnerability in Redhat Openshift Container Platform 4.0
A content spoofing flaw was found in OpenShift's OAuth endpoint.
network
low complexity
redhat CWE-74
5.3
2023-10-04 CVE-2023-3153 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit.
network
low complexity
ovn redhat CWE-770
5.3
2023-10-04 CVE-2023-2422 Improper Certificate Validation vulnerability in Redhat products
A flaw was found in Keycloak.
network
low complexity
redhat CWE-295
7.1
2023-09-27 CVE-2023-4066 Cleartext Storage of Sensitive Information vulnerability in Redhat products
A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker.
local
low complexity
redhat CWE-312
5.5
2023-09-27 CVE-2023-4065 Incorrect Default Permissions vulnerability in Redhat products
A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log.
local
low complexity
redhat CWE-276
5.5
2023-09-27 CVE-2023-3223 Unspecified vulnerability in Redhat products
A flaw was found in undertow.
network
low complexity
redhat
7.5
2023-09-24 CVE-2023-1260 An authentication bypass vulnerability was discovered in kube-apiserver.
network
high complexity
kubernetes redhat
8.0
2023-09-22 CVE-2022-4039 Incorrect Default Permissions vulnerability in Redhat products
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled.
network
low complexity
redhat CWE-276
critical
9.8