Vulnerabilities > Redhat > Openshift > 4.2

DATE CVE VULNERABILITY TITLE RISK
2021-07-30 CVE-2021-3636 Improper Authentication vulnerability in Redhat Openshift
It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA incorrectly included additional certificates.
low complexity
redhat CWE-287
4.6
2021-06-02 CVE-2020-35514 Incorrect Privilege Assignment vulnerability in Redhat Openshift
An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift.
local
redhat CWE-266
4.4
2021-03-19 CVE-2019-10225 Insufficiently Protected Credentials vulnerability in Redhat Openshift and Openshift Container Platform
A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RBAC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey.
network
low complexity
redhat CWE-522
6.5
2020-09-16 CVE-2020-10715 Improper Input Validation vulnerability in Redhat Openshift
A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x.
network
redhat CWE-20
4.3
2020-04-13 CVE-2020-1759 Reusing a Nonce, Key Pair in Encryption vulnerability in multiple products
A nonce reuse vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2, in the secure mode of the messenger v2 protocol. It can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session.
network
high complexity
redhat linuxfoundation fedoraproject CWE-323
6.8
2020-03-20 CVE-2020-1709 Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift
An insecure modification vulnerability in the /etc/passwd file was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0.
local
low complexity
redhat CWE-732
7.8
2020-03-20 CVE-2020-1707 Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb, in all 4.x.x versions prior to 4.3.0.
local
high complexity
redhat CWE-732
7.0
2020-03-20 CVE-2019-19345 Incorrect Privilege Assignment vulnerability in Redhat Openshift
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb, in all 4.x.x versions prior to 4.3.0.
local
low complexity
redhat CWE-266
7.8
2020-03-18 CVE-2019-19335 Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift 4.0/4.2
During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files.
local
low complexity
redhat CWE-732
4.4
2019-10-08 CVE-2019-14845 Download of Code Without Integrity Check vulnerability in Redhat Openshift
A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3.
high complexity
redhat CWE-494
5.3