Vulnerabilities > Redhat > Openshift > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-26 | CVE-2023-0229 | Unspecified vulnerability in Redhat Openshift 4.11/4.12 A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify. | 6.3 |
| 2023-01-17 | CVE-2023-0296 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Redhat Openshift 4.11 The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. | 5.3 |
| 2022-12-08 | CVE-2022-3260 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Redhat Openshift 4.9 The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. | 4.8 |
| 2022-10-19 | CVE-2013-4281 | Incorrect Default Permissions vulnerability in Redhat Openshift 1.0 In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file. | 5.5 |
| 2022-09-01 | CVE-2022-2403 | Exposure of System Data to an Unauthorized Control Sphere vulnerability in Redhat Openshift 4.9 A credentials leak was found in the OpenShift Container Platform. | 6.5 |
| 2022-07-06 | CVE-2021-3695 | Out-of-bounds Write vulnerability in multiple products A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. | 4.5 |
| 2022-07-06 | CVE-2021-3696 | Out-of-bounds Write vulnerability in multiple products A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. | 4.5 |
| 2022-06-30 | CVE-2013-4561 | Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. | 6.4 |
| 2021-07-30 | CVE-2021-3636 | Improper Authentication vulnerability in Redhat Openshift It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. | 4.6 |
| 2021-06-02 | CVE-2020-35514 | Incorrect Privilege Assignment vulnerability in Redhat Openshift An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. | 4.4 |