Vulnerabilities > Redhat > Openshift > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-27 | CVE-2020-1761 | Unspecified vulnerability in Redhat Openshift A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. network redhat | 4.3 |
| 2021-03-24 | CVE-2019-19350 | Incorrect Privilege Assignment vulnerability in Redhat Openshift 3.11/4.0 An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. | 4.6 |
| 2021-03-24 | CVE-2019-19349 | Incorrect Privilege Assignment vulnerability in Redhat Openshift 4.0 An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. | 4.4 |
| 2021-03-19 | CVE-2019-10225 | Insufficiently Protected Credentials vulnerability in Redhat Openshift and Openshift Container Platform A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. | 6.5 |
| 2020-09-16 | CVE-2020-10715 | Improper Input Validation vulnerability in Redhat Openshift A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. | 4.3 |
| 2020-04-13 | CVE-2020-1759 | Reusing a Nonce, Key Pair in Encryption vulnerability in multiple products A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. | 6.8 |
| 2020-03-18 | CVE-2019-19335 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift 4.0/4.2 During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. | 4.4 |
| 2020-02-19 | CVE-2012-6685 | XML Entity Expansion vulnerability in multiple products Nokogiri before 1.5.4 is vulnerable to XXE attacks | 5.0 |
| 2019-12-30 | CVE-2013-0196 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Openshift 1.2 A CSRF issue was found in OpenShift Enterprise 1.2. | 6.5 |
| 2019-12-20 | CVE-2016-1000229 | Cross-site Scripting vulnerability in multiple products swagger-ui has XSS in key names | 4.3 |