Product:

Openshift_container_platform

(Redhat)
Repositories https://github.com/FasterXML/jackson-databind
https://github.com/torvalds/linux
https://github.com/Perl/perl5
https://github.com/evanphx/json-patch
https://github.com/ansible/ansible
#Vulnerabilities 243
Date Id Summary Products Score Patch Annotated
2019-04-22 CVE-2019-3899 It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift Container Platform 3.11. Heketi, Openshift_container_platform 9.8
2019-06-12 CVE-2019-10150 It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output. Openshift_container_platform 5.9
2019-08-02 CVE-2019-10176 A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-use the token to perform a CSRF attack. Openshift_container_platform 5.4
2019-11-25 CVE-2019-10213 OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user. Openshift_container_platform 6.5
2020-01-07 CVE-2019-14854 OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user. Openshift_container_platform 6.5
2020-01-07 CVE-2019-14819 A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints. Openshift_container_platform 8.8
2020-04-22 CVE-2020-10712 A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The highest threat from this vulnerability is to data integrity. Openshift_container_platform 8.2
2020-05-12 CVE-2020-10706 A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line in the last 24 hours. Once the backup is older than 24 hours the OAuth tokens are no longer valid. Openshift_container_platform 6.6
2021-03-24 CVE-2019-19352 An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Openshift_container_platform 7.0
2021-03-24 CVE-2019-19354 An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Openshift_container_platform 7.8