redhat openshift logging vulnerabilities and exploits

(subscribe to this query)

A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.

Redhat Openshift Logging

A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origi...

Redhat Origin-aggregated-logging 3.11

The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana console) to different one, created based on the new CR for the new kibana resource. Th...

Elastic Kibana Redhat Openshift Container Platform 4.0

A data modification vulnerability exists in Jenkins 2.153 and previous versions, LTS 2.138.3 and previous versions in User.java, IdStrategy.java that allows malicious users to submit crafted user names that can cause an improper migration of user record storage formats, potential...

Jenkins Jenkins Redhat Openshift Container Platform 3.11

On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.

F5 Container Ingress Service 1.9.0 Redhat Openshift -

An issue exists in FasterXML jackson-databind before 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provi...

Fasterxml Jackson-databind Debian Debian Linux 9.0 Fedoraproject Fedora 29 Oracle Jd Edwards Enterpriseone Tools 9.2 Oracle Retail Merchandising System 15.0 Redhat Openshift Container Platform 3.11 Redhat Jboss Enterprise Application Platform 7.2.0 Redhat Single Sign-on 7.3 Redhat Jboss Brms 6.4.10 Redhat Automation Manager 7.3.1 Redhat Decision Manager 7.3.1

An issue exists in FasterXML jackson-databind before 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possi...

Fasterxml Jackson-databind Debian Debian Linux 9.0 Fedoraproject Fedora 29 Oracle Jd Edwards Enterpriseone Tools 9.2 Oracle Retail Merchandising System 15.0 Redhat Openshift Container Platform 3.11 Redhat Jboss Enterprise Application Platform 7.2.0 Redhat Single Sign-on 7.3 Redhat Jboss Brms 6.4.10 Redhat Automation Manager 7.3.1 Redhat Decision Manager 7.3.1

A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate (it...

Redhat Kubeclient

A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference cou...

Linux Linux Kernel 6.4 Linux Linux Kernel Redhat Enterprise Linux 8.0 Redhat Enterprise Linux 9.0 Fedoraproject Fedora 39

1 2 3 4 5 6 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook