Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat openshift container platform - vulnerabilities and exploits
(subscribe to this query)
6
CVSSv2
CVE-2020-10752
A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuth...
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.0
4
CVSSv2
CVE-2019-14854
OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operato...
Redhat Openshift Container Platform 4.1
Redhat Openshift Container Platform 4.2
5.8
CVSSv2
CVE-2019-10176
A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-...
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
6.5
CVSSv2
CVE-2019-14819
A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to...
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 3.10
NA
CVE-2023-3223
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it...
Redhat Undertow
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform For Ibm Linuxone 4.9
Redhat Openshift Container Platform For Ibm Linuxone 4.10
Redhat Openshift Container Platform For Power 4.9
Redhat Openshift Container Platform For Power 4.10
Redhat Single Sign-on -
Redhat Jboss Enterprise Application Platform Text-only Advisories -
Redhat Single Sign-on 7.6
Redhat Jboss Enterprise Application Platform 7.4
4
CVSSv2
CVE-2019-10354
A vulnerability in the Stapler web framework used in Jenkins 2.185 and previous versions, LTS 2.176.1 and previous versions allowed malicious users to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.
Jenkins Jenkins
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
6.5
CVSSv2
CVE-2020-7013
Kibana versions prior to 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code...
Elastic Kibana
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.0
4.3
CVSSv2
CVE-2020-10743
It exists that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an malicious user to trick a user into performing arbitrary actions in OCP's distribution of...
Elastic Kibana -
Redhat Openshift Container Platform 4.6.1
Redhat Openshift Container Platform 3.11.286
4
CVSSv2
CVE-2019-1002100
In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application...
Kubernetes Kubernetes
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 3.10
5 Github repositories
10
CVSSv2
CVE-2019-7609
Kibana versions prior to 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing ...
Elastic Kibana
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
16 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »