Openshift Container Platform

DATE	CVE	VULNERABILITY TITLE	RISK
2021-02-23	CVE-2021-20182	Unspecified vulnerability in Redhat Openshift Container Platform A privilege escalation flaw was found in openshift4/ose-docker-builder. network low complexity redhat	8.8
2021-02-11	CVE-2021-20188	A flaw was found in podman before 1.7.0. local high complexity podman-project redhat	7.0
2020-12-21	CVE-2020-27846	A signature verification vulnerability exists in crewjam/saml. network low complexity grafana saml-project redhat fedoraproject critical	9.8
2020-12-18	CVE-2020-27781	Insufficiently Protected Credentials vulnerability in multiple products User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. local low complexity redhat fedoraproject CWE-522	7.1
2020-12-15	CVE-2020-27777	A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. local low complexity linux redhat	6.7
2020-12-11	CVE-2020-27786	A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. local low complexity linux redhat netapp	7.8
2020-12-02	CVE-2020-27816	Open Redirect vulnerability in multiple products The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana console) to different one, created based on the new CR for the new kibana resource. network low complexity elastic redhat CWE-601	6.1
2020-11-24	CVE-2020-10763	Information Exposure Through Log Files vulnerability in multiple products An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. local low complexity heketi-project redhat CWE-532	5.5
2020-11-23	CVE-2020-25660	A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. low complexity redhat fedoraproject	8.8
2020-09-23	CVE-2020-14370	Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. network high complexity podman-project redhat fedoraproject CWE-212	5.3