Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-27 | CVE-2023-4066 | Cleartext Storage of Sensitive Information vulnerability in Redhat products A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker. | 5.5 |
| 2023-09-27 | CVE-2023-4065 | Incorrect Default Permissions vulnerability in Redhat products A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. | 5.5 |
| 2023-09-27 | CVE-2023-0833 | Information Exposure Through an Error Message vulnerability in multiple products A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. | 5.5 |
| 2023-09-25 | CVE-2022-4137 | Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. | 6.1 |
| 2023-09-25 | CVE-2022-4245 | XXE vulnerability in multiple products A flaw was found in codehaus-plexus. | 4.3 |
| 2023-09-24 | CVE-2023-1625 | An information leak was discovered in OpenStack heat. | 5.0 |
| 2023-09-24 | CVE-2023-1633 | Insufficiently Protected Credentials vulnerability in multiple products A credentials leak flaw was found in OpenStack Barbican. | 5.5 |
| 2023-09-24 | CVE-2023-1636 | A vulnerability was found in OpenStack Barbican containers. | 5.0 |
| 2023-09-23 | CVE-2022-3962 | A content spoofing vulnerability was found in Kiali. | 4.3 |
| 2023-09-20 | CVE-2022-3916 | Insufficient Session Expiration vulnerability in Redhat products A flaw was found in the offline_access scope in Keycloak. | 6.8 |