Openshift

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-10	CVE-2023-44487	Resource Exhaustion vulnerability in multiple products The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco CWE-400	7.5
2023-01-26	CVE-2023-0229	Unspecified vulnerability in Redhat Openshift 4.11/4.12 A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify. network low complexity redhat	6.3
2023-01-17	CVE-2023-0296	Use of a Broken or Risky Cryptographic Algorithm vulnerability in Redhat Openshift 4.11 The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. network low complexity redhat CWE-327	5.3
2022-12-09	CVE-2022-3259	Improper Initialization vulnerability in Redhat Openshift 4.9 Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks. network high complexity redhat CWE-665	7.4
2022-12-08	CVE-2022-3260	Improper Restriction of Rendered UI Layers or Frames vulnerability in Redhat Openshift 4.9 The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. network low complexity redhat CWE-1021	4.8
2022-12-08	CVE-2022-3262	Insecure Default Initialization of Resource vulnerability in Redhat Openshift 4.9 A flaw was found in Openshift. network low complexity redhat CWE-1188	8.1
2022-10-19	CVE-2013-4253	Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift 1.0 The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file. network low complexity redhat CWE-668	7.5
2022-10-19	CVE-2013-4281	Incorrect Default Permissions vulnerability in Redhat Openshift 1.0 In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file. local low complexity redhat CWE-276	5.5
2022-10-17	CVE-2017-7517	Improper Input Validation vulnerability in Redhat Openshift 3.0 An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. network low complexity redhat CWE-20	3.5
2022-09-01	CVE-2022-2403	Exposure of System Data to an Unauthorized Control Sphere vulnerability in Redhat Openshift 4.9 A credentials leak was found in the OpenShift Container Platform. network low complexity redhat CWE-497	6.5