Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openshift_container_platform_ibm_z_systems
(Redhat)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 7 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-12-14 | CVE-2023-6134 | A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748. | Keycloak, Openshift_container_platform, Openshift_container_platform_for_power, Openshift_container_platform_ibm_z_systems, Single_sign\-On | 5.4 | ||
| 2023-11-01 | CVE-2023-5625 | A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products. | Openshift_container_platform_for_arm64, Openshift_container_platform_for_linuxone, Openshift_container_platform_for_power, Openshift_container_platform_ibm_z_systems, Openstack_platform | 7.5 | ||
| 2023-07-05 | CVE-2023-3089 | A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. | Openshift_container_platform, Openshift_container_platform_for_arm64, Openshift_container_platform_for_linuxone, Openshift_container_platform_for_power, Openshift_container_platform_ibm_z_systems | 7.5 | ||
| 2023-09-20 | CVE-2022-3916 | A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user. | Keycloak, Openshift_container_platform, Openshift_container_platform_for_linuxone, Openshift_container_platform_for_power, Openshift_container_platform_ibm_z_systems, Single_sign\-On | 6.8 | ||
| 2023-09-25 | CVE-2022-4318 | A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. | Extra_packages_for_enterprise_linux, Fedora, Cri\-O, Openshift_container_platform_for_arm64, Openshift_container_platform_for_linuxone, Openshift_container_platform_for_power, Openshift_container_platform_ibm_z_systems | 7.8 | ||
| 2023-08-04 | CVE-2023-0264 | A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability. | Keycloak, Openshift_container_platform, Openshift_container_platform_for_ibm_linuxone, Openshift_container_platform_ibm_z_systems, Single_sign\-On | 5.0 | ||
| 2023-03-23 | CVE-2023-0056 | An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. | Extra_packages_for_enterprise_linux, Fedora, Haproxy, Ceph_storage, Openshift_container_platform, Openshift_container_platform_for_ibm_linuxone, Openshift_container_platform_for_power, Openshift_container_platform_ibm_z_systems, Software_collections | 6.5 |