Vulnerabilities > Redhat > Openshift Container Platform > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-09-20 CVE-2022-3916 Insufficient Session Expiration vulnerability in Redhat products
A flaw was found in the offline_access scope in Keycloak.
network
high complexity
redhat CWE-613
6.8
2023-09-15 CVE-2022-3466 Incorrect Default Permissions vulnerability in multiple products
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600.
local
low complexity
kubernetes redhat CWE-276
5.3
2023-08-04 CVE-2023-0264 Improper Authentication vulnerability in Redhat products
A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests.
network
high complexity
redhat CWE-287
5.0
2023-07-07 CVE-2022-4361 Cross-site Scripting vulnerability in Redhat products
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers.
network
low complexity
redhat CWE-79
6.1
2023-06-06 CVE-2023-2253 Allocation of Resources Without Limits or Throttling vulnerability in Redhat products
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`).
network
low complexity
redhat CWE-770
6.5
2023-03-29 CVE-2022-1274 Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On
A flaw was found in Keycloak in the execute-actions-email endpoint.
network
low complexity
redhat CWE-79
5.4
2023-03-24 CVE-2021-3684 Information Exposure Through Log Files vulnerability in Redhat Openshift Assisted Installer
A vulnerability was found in OpenShift Assisted Installer.
local
low complexity
redhat CWE-532
5.5
2023-03-23 CVE-2023-0056 Resource Exhaustion vulnerability in multiple products
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service.
network
low complexity
haproxy redhat fedoraproject CWE-400
6.5
2022-12-28 CVE-2021-4294 Information Exposure Through Discrepancy vulnerability in Redhat Openshift Container Platform and Openshift Osin
A vulnerability was found in OpenShift OSIN.
network
high complexity
redhat CWE-203
5.9
2022-09-01 CVE-2022-1632 An Improper Certificate Validation attack was found in Openshift.
network
low complexity
redhat fedoraproject
6.5