Vulnerabilities > Redhat > Openshift Container Platform > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-01 | CVE-2021-20238 | Missing Authentication for Critical Function vulnerability in Redhat products It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. | 3.7 |
| 2021-05-26 | CVE-2021-20297 | Improper Input Validation vulnerability in multiple products A flaw was found in NetworkManager in versions before 1.30.0. | 2.1 |
| 2020-11-24 | CVE-2020-10763 | Information Exposure Through Log Files vulnerability in multiple products An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. | 2.1 |
| 2019-08-29 | CVE-2019-11250 | Information Exposure Through Log Files vulnerability in multiple products The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. | 3.5 |
| 2019-07-30 | CVE-2019-10165 | Information Exposure vulnerability in Redhat Openshift Container Platform OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. | 2.1 |
| 2019-01-28 | CVE-2019-3815 | Memory Leak vulnerability in multiple products A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. | 3.3 |
| 2018-12-12 | CVE-2018-18397 | Incorrect Authorization vulnerability in multiple products The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c. | 2.1 |
| 2018-09-11 | CVE-2018-10937 | Cross-site Scripting vulnerability in Redhat Openshift Container Platform 3.11 A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. | 3.5 |
| 2018-08-01 | CVE-2016-8651 | Improper Input Validation vulnerability in Redhat Openshift and Openshift Container Platform An input validation flaw was found in the way OpenShift 3 handles requests for images. | 3.5 |