Vulnerabilities > Redhat > Openshift Container Platform
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-04 | CVE-2023-0264 | Improper Authentication vulnerability in Redhat products A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. | 5.0 |
| 2023-07-07 | CVE-2022-4361 | Cross-site Scripting vulnerability in Redhat products Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. | 6.1 |
| 2023-07-05 | CVE-2023-3089 | Weak Password Requirements vulnerability in Redhat products A compliance problem was found in the Red Hat OpenShift Container Platform. | 7.5 |
| 2023-06-06 | CVE-2023-2253 | Allocation of Resources Without Limits or Throttling vulnerability in Redhat products A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). | 6.5 |
| 2023-04-10 | CVE-2023-1668 | Always-Incorrect Control Flow Implementation vulnerability in multiple products A flaw was found in openvswitch (OVS). | 8.2 |
| 2023-03-29 | CVE-2022-1274 | Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in Keycloak in the execute-actions-email endpoint. | 5.4 |
| 2023-03-03 | CVE-2023-27561 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. | 7.0 |
| 2022-12-28 | CVE-2021-4294 | Information Exposure Through Discrepancy vulnerability in Redhat Openshift Container Platform and Openshift Osin A vulnerability was found in OpenShift OSIN. | 5.9 |
| 2022-09-13 | CVE-2022-2989 | Placement of User into Incorrect Group vulnerability in multiple products An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. | 7.1 |
| 2022-09-13 | CVE-2022-2990 | Placement of User into Incorrect Group vulnerability in multiple products An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. | 7.1 |