Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat openshift - vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2017-7534
OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod.
Redhat Openshift 3.7
Redhat Openshift 3.9
Redhat Openshift 3.4
Redhat Openshift 3.6
Redhat Openshift 3.0
Redhat Openshift 3.1
Redhat Openshift 3.2
Redhat Openshift 3.3
Redhat Openshift 3.5
5
CVSSv2
CVE-2019-3884
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.
Redhat Openshift 3.7
Redhat Openshift 3.6
Redhat Openshift 3.8
Redhat Openshift 3.9
Redhat Openshift 3.10
Redhat Openshift 3.11
Redhat Openshift 4.1
4
CVSSv2
CVE-2016-9592
openshift prior to 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of s...
Redhat Openshift 3.4
Redhat Openshift 3.3.1.11
Redhat Openshift 3.2.1.23
NA
CVE-2022-1677
In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the...
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.6
Redhat Openshift Container Platform 4.7
Redhat Openshift Container Platform 4.8
Redhat Openshift Container Platform 4.10
Redhat Openshift Container Platform 4.9
4.6
CVSSv2
CVE-2019-19345
A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions before 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /e...
Redhat Openshift 3.11
Redhat Openshift
4.3
CVSSv2
CVE-2020-10715
A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an malicious user to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the...
Redhat Openshift 3.11
Redhat Openshift
4.6
CVSSv2
CVE-2020-1709
A vulnerability was found in all openshift/mediawiki 4.x.x versions before 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and esca...
Redhat Openshift 3.11
Redhat Openshift
4.4
CVSSv2
CVE-2020-35514
An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own nod...
Redhat Openshift
Redhat Openshift 4.7.0
NA
CVE-2023-5408
A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader ac...
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.13
Redhat Openshift Container Platform 4.14
4.4
CVSSv2
CVE-2020-1708
It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running contain...
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
Redhat Openshift Container Platform 4.2
Redhat Openshift Container Platform 4.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »