Vulnerabilities > Redhat > Openshift Container Platform

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-07-07 | CVE-2022-4361 | Cross-site Scripting vulnerability in Redhat products | Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. | network | low | redhat | CWE-79 | 6.1 |
| 2023-07-05 | CVE-2023-3089 | Weak Password Requirements vulnerability in Redhat products | A compliance problem was found in the Red Hat OpenShift Container Platform. | network | low | redhat | CWE-521 | 7.5 |
| 2023-06-06 | CVE-2023-2253 | Allocation of Resources Without Limits or Throttling vulnerability in Redhat products | A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). | network | low | redhat | CWE-770 | 6.5 |
| 2023-04-10 | CVE-2023-1668 | Always-Incorrect Control Flow Implementation vulnerability in multiple products | A flaw was found in openvswitch (OVS). | network | low | cloudbase, debian, redhat | CWE-670 | 8.2 |
| 2023-03-29 | CVE-2022-1274 | Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On | A flaw was found in Keycloak in the execute-actions-email endpoint. | network | low | redhat | CWE-79 | 5.4 |
| 2023-03-24 | CVE-2021-3684 | Information Exposure Through Log Files vulnerability in Redhat Openshift Assisted Installer | A vulnerability was found in OpenShift Assisted Installer. | local | low | redhat | CWE-532 | 5.5 |
| 2023-03-23 | CVE-2023-0056 | Resource Exhaustion vulnerability in multiple products | An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. | network | low | haproxy, redhat, fedoraproject | CWE-400 | 6.5 |
| 2023-03-03 | CVE-2023-27561 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products | runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. | local | high | linuxfoundation, redhat, debian | CWE-706 | 7.0 |
| 2022-12-28 | CVE-2021-4294 | Information Exposure Through Discrepancy vulnerability in Redhat Openshift Container Platform and Openshift Osin | A vulnerability was found in OpenShift OSIN. | network | high | redhat | CWE-203 | 5.9 |
| 2022-09-13 | CVE-2022-2989 | | Incorrect handling of supplementary groups in the Podman container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container, where supplementary groups are used to set access permissions, and is able to execute binary code in that container. | local | low | podman-project, redhat | | 7.1 |