Red Hat OpenShift Container Platform: medium-risk vulnerabilities

Each entry lists: DATE, CVE, VULNERABILITY TITLE, description, attack vector, attack complexity, affected vendors and CWE, RISK score.
2019-12-05 CVE-2019-11255 Improper Input Validation vulnerability in multiple products
Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.
network
low complexity
kubernetes redhat CWE-20
6.5
2019-11-25 CVE-2019-10213 Unspecified vulnerability in Redhat Openshift Container Platform 4.1/4.2
OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher.
network
low complexity
redhat
6.5
2019-11-25 CVE-2019-14891 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup.
network
high complexity
kubernetes fedoraproject redhat CWE-754
5.0
2019-11-25 CVE-2019-10214 Insufficiently Protected Credentials vulnerability in multiple products
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service.
5.9
2019-11-14 CVE-2018-12207 Improper Input Validation vulnerability in multiple products
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.
6.5
2019-11-05 CVE-2019-10223 Information Exposure vulnerability in multiple products
A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1.
network
low complexity
kubernetes redhat CWE-200
6.5
2019-09-04 CVE-2019-15718
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance) calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages.
local
low complexity
systemd-project fedoraproject redhat
4.4
2019-08-29 CVE-2019-11250 Information Exposure Through Log Files vulnerability in multiple products
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher.
network
low complexity
kubernetes redhat CWE-532
6.5
2019-08-29 CVE-2019-11249 Path Traversal vulnerability in multiple products
The kubectl cp command allows copying files between containers and the user machine.
network
low complexity
kubernetes redhat CWE-22
6.5
2019-08-28 CVE-2019-10383 Cross-site Scripting vulnerability in multiple products
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.
network
low complexity
jenkins oracle redhat CWE-79
4.8