Vulnerabilities > Redhat > Openshift Container Platform > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-03 | CVE-2020-10749 | A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. | 6.0 |
| 2020-05-12 | CVE-2020-10706 | Cleartext Storage of Sensitive Information vulnerability in Redhat Openshift Container Platform A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. | 6.6 |
| 2020-04-24 | CVE-2020-1741 | Incorrect Regular Expression vulnerability in Redhat Openshift Container Platform 3.11 A flaw was found in openshift-ansible. | 5.9 |
| 2020-04-23 | CVE-2020-1760 | Cross-site Scripting vulnerability in multiple products A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. | 6.1 |
| 2020-02-11 | CVE-2020-1726 | Files or Directories Accessible to External Parties vulnerability in multiple products A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. | 5.9 |
| 2020-01-07 | CVE-2019-14854 | Improper Output Neutralization for Logs vulnerability in Redhat Openshift Container Platform 4.1/4.2 OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. | 6.5 |
| 2019-12-05 | CVE-2019-11255 | Improper Input Validation vulnerability in multiple products Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations. | 6.5 |
| 2019-11-25 | CVE-2019-10213 | Improper Output Neutralization for Logs vulnerability in Redhat Openshift Container Platform 4.1/4.2 OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. | 6.5 |
| 2019-11-25 | CVE-2019-14891 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. | 6.0 |
| 2019-11-25 | CVE-2019-10214 | Insufficiently Protected Credentials vulnerability in multiple products The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. | 4.3 |