Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat openshift vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2017-7534
OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod.
Redhat Openshift 3.1
Redhat Openshift 3.0
Redhat Openshift 3.2
Redhat Openshift 3.7
Redhat Openshift 3.3
Redhat Openshift 3.4
Redhat Openshift 3.5
Redhat Openshift 3.6
Redhat Openshift 3.9
5.4
CVSSv3
CVE-2019-3884
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.
Redhat Openshift 3.7
Redhat Openshift 3.6
Redhat Openshift 3.8
Redhat Openshift 3.9
Redhat Openshift 3.10
Redhat Openshift 3.11
Redhat Openshift 4.1
4.3
CVSSv3
CVE-2016-9592
openshift prior to 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of s...
Redhat Openshift 3.4
Redhat Openshift 3.3.1.11
Redhat Openshift 3.2.1.23
6.3
CVSSv3
CVE-2022-1677
In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the...
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.6
Redhat Openshift Container Platform 4.7
Redhat Openshift Container Platform 4.8
Redhat Openshift Container Platform 4.10
Redhat Openshift Container Platform 4.9
7.5
CVSSv3
CVE-2023-3089
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
Redhat Openshift Container Platform 4.10
Redhat Openshift Container Platform For Linuxone 4.10
Redhat Openshift Container Platform For Linuxone 4.11
Redhat Openshift Container Platform For Power 4.10
Redhat Openshift Container Platform For Power 4.11
Redhat Openshift Container Platform Ibm Z Systems 4.10
Redhat Openshift Container Platform Ibm Z Systems 4.11
Redhat Openshift Container Platform For Arm64 4.11
Redhat Openshift Container Platform For Arm64 4.10
Redhat Openshift Container Platform For Arm64 4.12
Redhat Openshift Container Platform For Linuxone 4.12
Redhat Openshift Container Platform For Power 4.12
Redhat Openshift Container Platform Ibm Z Systems 4.12
7.2
CVSSv3
CVE-2023-5408
A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader ac...
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.13
Redhat Openshift Container Platform 4.14
7
CVSSv3
CVE-2020-1706
It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can...
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
Redhat Openshift Container Platform 4.2
Redhat Openshift Container Platform 4.3
7
CVSSv3
CVE-2020-1708
It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running contain...
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
Redhat Openshift Container Platform 4.2
Redhat Openshift Container Platform 4.3
9.8
CVSSv3
CVE-2022-4039
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an malicious user to use this interface to deploy malicious code and access and modify potentially sensitive informatio...
Redhat Single Sign-on 7.0
Redhat Openshift Container Platform 4.9
Redhat Openshift Container Platform 4.10
Redhat Openshift Container Platform For Ibm Z 4.9
Redhat Openshift Container Platform For Ibm Z 4.10
Redhat Openshift Container Platform For Linuxone 4.9
Redhat Openshift Container Platform For Linuxone 4.10
Redhat Openshift Container Platform For Power 4.9
Redhat Openshift Container Platform For Power 4.10
6.3
CVSSv3
CVE-2019-10225
A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the valu...
Redhat Openshift Container Platform 3.11
Redhat Openshift 4.2
Redhat Openshift Container Platform 4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »