Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat openshift vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2016-3727
The API URL computer/(master)/api/xml in Jenkins prior to 2.3 and LTS prior to 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
Jenkins Jenkins
Redhat Openshift 3.2
Redhat Openshift 3.1
NA
CVE-2023-2253
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the all...
Redhat Openshift Container Platform 4.0
Redhat Openshift Developer Tools And Services -
Redhat Openshift Api For Data Protection -
448
VMScore
CVE-2019-11253
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crash...
Kubernetes Kubernetes
Redhat Openshift Container Platform 3.9
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 3.10
1 Article
409
VMScore
CVE-2021-20194
There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BP...
Linux Linux Kernel
Redhat Enterprise Linux 8.0
Redhat Openshift Container Platform 4.5
Redhat Openshift Container Platform 4.6
Redhat Openshift Container Platform 4.4
578
VMScore
CVE-2019-14819
A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to...
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 3.10
356
VMScore
CVE-2019-14854
OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operato...
Redhat Openshift Container Platform 4.1
Redhat Openshift Container Platform 4.2
383
VMScore
CVE-2021-20238
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint (port 22623) provides ignition configuration used for bootstrapping Nodes and can include so...
Redhat Openshift Container Platform 4.0
Redhat Openshift Machine-config-operator
516
VMScore
CVE-2019-10176
A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-...
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
534
VMScore
CVE-2020-10752
A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuth...
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.0
535
VMScore
CVE-2019-14891
A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could ab...
Kubernetes Cri-o
Fedoraproject Fedora -
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
Redhat Openshift Container Platform 4.2
2 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »