Vulnerabilities > Redhat > Openshift Container Platform > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-02-09 | CVE-2022-0532 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products | An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. | network | high | kubernetes, redhat | CWE-732 | 4.2 |
| 2021-06-02 | CVE-2020-14336 | Unspecified vulnerability in Redhat Openshift Container Platform 3.11/4.5.16/4.6 | A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. | network | low | redhat | | 6.5 |
| 2021-06-02 | CVE-2020-10743 | | It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. | network | low | elastic, redhat | | 4.3 |
| 2021-05-26 | CVE-2021-20297 | Improper Input Validation vulnerability in multiple products | A flaw was found in NetworkManager in versions before 1.30.0. | local | low | gnome, redhat, fedoraproject | CWE-20 | 5.5 |
| 2021-04-01 | CVE-2021-20291 | | A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. | network | low | storage-project, redhat, fedoraproject | | 6.5 |
| 2021-03-19 | CVE-2019-10225 | Unspecified vulnerability in Redhat Openshift and Openshift Container Platform | A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RBAC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. | network | low | redhat | | 6.3 |
| 2021-03-04 | CVE-2020-25639 | | A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. | local | low | linux, fedoraproject, redhat | | 4.4 |
| 2020-12-15 | CVE-2020-27777 | | A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. | local | low | linux, redhat | | 6.7 |
| 2020-12-02 | CVE-2020-27816 | Open Redirect vulnerability in multiple products | The elasticsearch-operator does not validate the namespace where the kibana logging resource is created, and due to that it is possible to replace the original openshift-logging console link (kibana console) with a different one, created based on the new CR for the new kibana resource. | network | low | elastic, redhat | CWE-601 | 6.1 |
| 2020-11-24 | CVE-2020-10763 | Information Exposure Through Log Files vulnerability in multiple products | An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. | local | low | heketi-project, redhat | CWE-532 | 5.5 |