Vulnerabilities > Redhat > Openshift Container Platform

DATE CVE VULNERABILITY TITLE RISK
2023-09-20 CVE-2022-3916 Insufficient Session Expiration vulnerability in Redhat products
A flaw was found in the offline_access scope in Keycloak.
network
high complexity
redhat CWE-613
6.8
2023-09-20 CVE-2023-4853 Incorrect Authorization vulnerability in multiple products
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions.
network
high complexity
quarkus redhat CWE-863
8.1
2023-09-15 CVE-2022-3466 Incorrect Default Permissions vulnerability in multiple products
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600.
local
low complexity
kubernetes redhat CWE-276
5.3
2023-09-14 CVE-2023-1108 Infinite Loop vulnerability in multiple products
A flaw was found in undertow.
network
low complexity
redhat netapp CWE-835
7.5
2023-08-04 CVE-2023-0264 Improper Authentication vulnerability in Redhat products
A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests.
network
high complexity
redhat CWE-287
5.0
2023-07-07 CVE-2022-4361 Cross-site Scripting vulnerability in Redhat products
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers.
network
low complexity
redhat CWE-79
6.1
2023-07-05 CVE-2023-3089 Weak Password Requirements vulnerability in Redhat products
A compliance problem was found in the Red Hat OpenShift Container Platform.
network
low complexity
redhat CWE-521
7.5
2023-06-06 CVE-2023-2253 Allocation of Resources Without Limits or Throttling vulnerability in Redhat products
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`).
network
low complexity
redhat CWE-770
6.5
2023-04-10 CVE-2023-1668 Always-Incorrect Control Flow Implementation vulnerability in multiple products
A flaw was found in openvswitch (OVS).
network
low complexity
cloudbase debian redhat CWE-670
8.2
2023-03-29 CVE-2022-1274 Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On
A flaw was found in Keycloak in the execute-actions-email endpoint.
network
low complexity
redhat CWE-79
5.4