Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openshift vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2022-3262
A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an malicious user to supply an incorrect name with the DNS search policy, affecting confidentiality and availabilit...
Redhat Openshift 4.9
5.3
CVSSv3
CVE-2023-0296
The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary ...
Redhat Openshift 4.11
6.5
CVSSv3
CVE-2023-4456
A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.
Redhat Openshift Logging
NA
CVE-2015-5274
rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker.
Redhat Openshift 2.2
6.5
CVSSv3
CVE-2019-1003080
A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows malicious users to initiate a connection to an attacker-specified server.
Jenkins Openshift Deployer
9.8
CVSSv3
CVE-2013-2060
The download_from_url function in OpenShift Origin allows remote malicious users to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.
Redhat Openshift 1.0
8.1
CVSSv3
CVE-2013-2103
OpenShift cartridge allows remote URL retrieval
Redhat Openshift 1.0
7
CVSSv3
CVE-2019-19355
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-oper...
Redhat Openshift 4.0
7.5
CVSSv3
CVE-2021-3703
It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. These have been fixed with Serverless 1.17.0.
Redhat Openshift Serverless
6.5
CVSSv3
CVE-2013-0196
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an malicious user to obtain the credential and the Authorization: header when requesting the REST...
Redhat Openshift 1.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »