Vulnerabilities > Redhat > Openshift > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-01-26 CVE-2023-0229 Unspecified vulnerability in Redhat Openshift 4.11/4.12
A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify.
network
low complexity
redhat
6.3
2023-01-17 CVE-2023-0296 Unspecified vulnerability in Redhat Openshift 4.11
The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component.
network
low complexity
redhat
5.3
2022-12-08 CVE-2022-3260 Improper Restriction of Rendered UI Layers or Frames vulnerability in Redhat Openshift 4.9
The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack..
network
low complexity
redhat CWE-1021
4.8
2022-10-19 CVE-2013-4281 Unspecified vulnerability in Redhat Openshift 1.0
In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.
local
low complexity
redhat
5.5
2022-09-01 CVE-2022-2403 Unspecified vulnerability in Redhat Openshift 4.11/4.12/4.9
A credentials leak was found in the OpenShift Container Platform.
network
low complexity
redhat
6.5
2022-07-06 CVE-2021-3695 Out-of-bounds Write vulnerability in multiple products
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area.
local
high complexity
gnu fedoraproject redhat netapp CWE-787
4.5
2022-07-06 CVE-2021-3696 Out-of-bounds Write vulnerability in multiple products
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader.
local
high complexity
gnu redhat netapp CWE-787
4.5
2021-07-30 CVE-2021-3636 Improper Authentication vulnerability in Redhat Openshift
It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates.
low complexity
redhat CWE-287
4.6
2021-05-27 CVE-2020-1761 Unspecified vulnerability in Redhat Openshift
A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage.
network
low complexity
redhat
6.1
2021-03-19 CVE-2019-10225 Unspecified vulnerability in Redhat Openshift and Openshift Container Platform
A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey.
network
low complexity
redhat
6.3