Vulnerabilities > Redhat > Openshift > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2022-12-09 CVE-2022-3259 Unspecified vulnerability in Redhat Openshift 4.9
Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks.
network
high complexity
redhat
7.4
2022-12-08 CVE-2022-3262 Insecure Default Initialization of Resource vulnerability in Redhat Openshift 4.9
A flaw was found in Openshift.
network
low complexity
redhat CWE-1188
8.1
2022-10-19 CVE-2013-4253 Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift 1.0
The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file.
network
low complexity
redhat CWE-668
7.5
2022-08-24 CVE-2021-4125 Deserialization of Untrusted Data vulnerability in Redhat Openshift
It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed.
network
high complexity
redhat CWE-502
8.1
2022-07-06 CVE-2021-3697 Out-of-bounds Write vulnerability in multiple products
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap.
local
high complexity
gnu redhat CWE-787
7.0
2022-04-11 CVE-2021-4047 Unspecified vulnerability in Redhat Openshift 4.9
The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing.
network
low complexity
redhat
7.5
2021-06-02 CVE-2020-35514 Unspecified vulnerability in Redhat Openshift
An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift.
local
high complexity
redhat
7.0
2021-03-24 CVE-2019-19350 Unspecified vulnerability in Redhat Openshift 3.11/4.0
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11.
local
low complexity
redhat
7.8
2021-03-24 CVE-2019-19349 Unspecified vulnerability in Redhat Openshift 4.0
An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4.
local
low complexity
redhat
7.8