Openshift Container Platform

DATE	CVE	VULNERABILITY TITLE	RISK
2022-05-17	CVE-2022-1706	Incorrect Authorization vulnerability in multiple products A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. network low complexity redhat fedoraproject CWE-863	6.5
2022-04-29	CVE-2022-1227	Improper Privilege Management vulnerability in multiple products A privilege escalation flaw was found in Podman. network low complexity podman-project psgo-project redhat fedoraproject CWE-269	8.8
2022-04-18	CVE-2022-27652	Incorrect Default Permissions vulnerability in multiple products A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. local low complexity kubernetes fedoraproject mobyproject redhat CWE-276	4.6
2022-04-04	CVE-2022-27649	Incorrect Default Permissions vulnerability in multiple products A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. network high complexity podman-project redhat fedoraproject CWE-276	7.5
2022-04-04	CVE-2022-27650	Incorrect Default Permissions vulnerability in multiple products A flaw was found in crun where containers were incorrectly started with non-empty default permissions. network high complexity crun-project fedoraproject redhat CWE-276	7.5
2022-04-01	CVE-2021-20238	Missing Authentication for Critical Function vulnerability in Redhat products It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. network high complexity redhat CWE-306	3.7
2022-03-03	CVE-2021-3609	Race Condition vulnerability in multiple products .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. local high complexity linux redhat netapp CWE-362	7.0
2022-03-02	CVE-2021-3631	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. local high complexity redhat netapp CWE-732	6.3
2022-03-02	CVE-2022-0711	Infinite Loop vulnerability in multiple products A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. network low complexity haproxy redhat debian CWE-835	7.5
2022-02-16	CVE-2021-3560	Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. local low complexity polkit-project debian canonical redhat CWE-754	7.8