redhat openshift container platform 4.0 vulnerabilities and exploits
2.1
CVSSv2
CVE-2020-10763
An information-disclosure flaw was found in the way Heketi prior to 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.
Heketi Project Heketi
Redhat Gluster Storage 3.0
Redhat Gluster Storage 3.5
Redhat Openshift Container Platform 4.0
Redhat Enterprise Linux 7.0
7.1
CVSSv2
CVE-2021-20291
A deadlock vulnerability was found in 'github.com/containers/storage' in versions prior to 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive, this causes an error leading to an unexpected ...
Storage Project Storage
Redhat Enterprise Linux 8.0
Redhat Openshift Container Platform 4.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
NA
CVE-2022-0718
A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.
Openstack Oslo.utils
Openstack Oslo.utils 4.12.0
Redhat Openshift Container Platform 4.0
Redhat Openstack Platform 16.1
Debian Debian Linux 10.0
Debian Debian Linux 11.0
3.5
CVSSv2
CVE-2022-1706
A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is t...
Redhat Openshift Container Platform 4.0
Redhat Enterprise Linux 9.0
Redhat Ignition
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
6
CVSSv2
CVE-2020-10749
A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertiseme...
Linuxfoundation Cni Network Plugins
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 32
Redhat Openshift Container Platform 4.0
1 Github repository
4.6
CVSSv2
CVE-2020-1712
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate thei...
Systemd Project Systemd
Redhat Enterprise Linux 8.0
Redhat Openshift Container Platform 4.0
Redhat Discovery -
Redhat Migration Toolkit 1.0
Redhat Ceph Storage 4.0
Debian Debian Linux 9.0
1 Github repository
1 Article
5
CVSSv2
CVE-2022-0711
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow a malicious user to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The hig...
Haproxy Haproxy
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Redhat Software Collections -
Redhat Openshift Container Platform 4.0
Debian Debian Linux 11.0
NA
CVE-2021-3979
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...
Redhat Ceph Storage 3.0
Redhat Openstack Platform 13.0
Redhat Openshift Container Storage 4.0
Redhat Openshift Data Foundation 4.0
Redhat Ceph Storage For Ibm Z Systems 4.0
Redhat Ceph Storage 4.3
Redhat Ceph Storage 5.1
Redhat Ceph Storage 4.0
Redhat Ceph Storage 5.0
Redhat Ceph Storage For Power 4.0
Fedoraproject Fedora 35
Fedoraproject Fedora 37
4.4
CVSSv2
CVE-2019-19351
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-...
Redhat Openshift 3.11
Redhat Openshift 4.0
2.1
CVSSv2
CVE-2019-19335
During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned wo...
Redhat Openshift 4.2
Redhat Openshift 4.0