2023-10-06
|
CVE-2023-5366
|
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.
|
Openvswitch, Enterprise_linux, Fast_datapath, Openshift_container_platform, Virtualization
|
5.5
|
|
|
2023-12-18
|
CVE-2023-48795
|
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles...
|
Sshd, Sshj, Asyncssh, Ssh_client, Ssh_server, Sshlib, Thrussh, Crushftp, Dropbear_ssh, Erlang\/otp, Filezilla_client, Freebsd, Security, Crypto, Maverick_synergy_java_ssh_api, Kitty, Lanconfig, Lcos, Lcos_fx, Lcos_lx, Lcos_sx, Libssh, Libssh2, Jsch, Powershell, Net\-Ssh, Pfsense_ce, Pfsense_plus, Xshell_7, Openssh, Cyclone_ssh, Nova, Transmit_5, Paramiko, Proftpd, Putty, Advanced_cluster_security, Ceph_storage, Cert\-Manager_operator_for_red_hat_openshift, Discovery, Enterprise_linux, Jboss_enterprise_application_platform, Keycloak, Openshift_api_for_data_protection, Openshift_container_platform, Openshift_data_foundation, Openshift_dev_spaces, Openshift_developer_tools_and_services, Openshift_gitops, Openshift_pipelines, Openshift_serverless, Openshift_virtualization, Openstack_platform, Single_sign\-On, Storage, Pkixssh, Russh, Sftpgo, Ssh, Ssh2, Tera_term, Sftp_gateway_firmware, Tinyssh, Ssh2, Securecrt, Winscp
|
5.9
|
|
|
2022-12-28
|
CVE-2021-4294
|
A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216987.
|
Openshift_container_platform, Openshift_osin
|
5.9
|
|
|
2021-05-14
|
CVE-2020-27833
|
A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first created pointing within the tarball, this allows further symbolic links to bypass the existing path check. This flaw allows the tarball to create links outside the tarball's parent directory,...
|
Openshift_container_platform
|
7.1
|
|
|
2023-12-14
|
CVE-2023-6134
|
A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
|
Keycloak, Openshift_container_platform, Openshift_container_platform_for_power, Openshift_container_platform_ibm_z_systems, Single_sign\-On
|
5.4
|
|
|
2024-01-26
|
CVE-2023-6291
|
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
|
Keycloak, Migration_toolkit_for_applications, Openshift_container_platform, Openshift_container_platform_for_ibm_z, Openshift_container_platform_for_linuxone, Openshift_container_platform_for_power, Single_sign\-On
|
7.1
|
|
|
2024-01-09
|
CVE-2023-6476
|
A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node.
|
Openshift_container_platform
|
7.5
|
|
|
2023-10-10
|
CVE-2023-44487
|
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
|
Http_server, Opensearch_data_prepper, Apisix, Solr, Tomcat, Traffic_server, Swiftnio_http\/2, Caddy, Connected_mobile_experiences, Crosswork_data_gateway, Crosswork_zero_touch_provisioning, Data_center_network_manager, Enterprise_chat_and_email, Expressway, Firepower_threat_defense, Fog_director, Ios_xe, Ios_xr, Iot_field_network_director, Nx\-Os, Prime_access_registrar, Prime_cable_provisioning, Prime_infrastructure, Prime_network_registrar, Secure_dynamic_attributes_connector, Secure_malware_analytics, Secure_web_appliance_firmware, Telepresence_video_communication_server, Ultra_cloud_core_\-_policy_control_function, Ultra_cloud_core_\-_serving_gateway_function, Ultra_cloud_core_\-_session_management_function, Unified_attendant_console_advanced, Unified_contact_center_domain_manager, Unified_contact_center_enterprise, Unified_contact_center_enterprise_\-_live_data_server, Unified_contact_center_management_portal, Debian_linux, H2o, Jetty, Envoy, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_advanced_web_application_firewall, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_application_visibility_and_reporting, Big\-Ip_carrier\-Grade_nat, Big\-Ip_ddos_hybrid_defender, Big\-Ip_domain_name_system, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_next, Big\-Ip_next_service_proxy_for_kubernetes, Big\-Ip_policy_enforcement_manager, Big\-Ip_ssl_orchestrator, Big\-Ip_webaccelerator, Big\-Ip_websafe, Nginx, Nginx_ingress_controller, Nginx_plus, Proxygen, Fedora, Go, Http2, Networking, Grpc, Http, Istio, Jenkins, Http2, Kong_gateway, Armeria, Linkerd, \.net, Asp\.net_core, Azure_kubernetes_service, Cbl\-Mariner, Visual_studio_2022, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_21h2, Windows_11_22h2, Windows_server_2016, Windows_server_2019, Windows_server_2022, Astra_control_center, Netty, Nghttp2, Node\.js, Openresty, Contour, 3scale_api_management_platform, Advanced_cluster_management_for_kubernetes, Advanced_cluster_security, Ansible_automation_platform, Build_of_optaplanner, Build_of_quarkus, Ceph_storage, Cert\-Manager_operator_for_red_hat_openshift, Certification_for_red_hat_enterprise_linux, Cost_management, Cryostat, Decision_manager, Enterprise_linux, Fence_agents_remediation_operator, Integration_camel_for_spring_boot, Integration_camel_k, Integration_service_registry, Jboss_a\-Mq, Jboss_a\-Mq_streams, Jboss_core_services, Jboss_data_grid, Jboss_enterprise_application_platform, Jboss_fuse, Logging_subsystem_for_red_hat_openshift, Machine_deletion_remediation_operator, Migration_toolkit_for_applications, Migration_toolkit_for_containers, Migration_toolkit_for_virtualization, Network_observability_operator, Node_healthcheck_operator, Node_maintenance_operator, Openshift, Openshift_api_for_data_protection, Openshift_container_platform, Openshift_container_platform_assisted_installer, Openshift_data_science, Openshift_dev_spaces, Openshift_developer_tools_and_services, Openshift_distributed_tracing, Openshift_gitops, Openshift_pipelines, Openshift_sandboxed_containers, Openshift_secondary_scheduler_operator, Openshift_serverless, Openshift_service_mesh, Openshift_virtualization, Openstack_platform, Process_automation, Quay, Run_once_duration_override_operator, Satellite, Self_node_remediation_operator, Service_interconnect, Service_telemetry_framework, Single_sign\-On, Support_for_spring_boot, Web_terminal, Traefik, Varnish_cache
|
7.5
|
|
|
2023-11-02
|
CVE-2023-5408
|
A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.
|
Openshift_container_platform
|
7.2
|
|
|
2015-11-25
|
CVE-2015-8103
|
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".
|
Jenkins, Openshift_container_platform
|
9.8
|
|
|