Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openshift vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2019-11247
The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning t...
Kubernetes Kubernetes
Kubernetes Kubernetes 1.12.11
Redhat Openshift Container Platform 3.9
Redhat Openshift Container Platform 3.10
Redhat Openshift Container Platform 3.11
1 Github repository
1 Article
535
VMScore
CVE-2019-14891
A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could ab...
Kubernetes Cri-o
Fedoraproject Fedora -
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
Redhat Openshift Container Platform 4.2
2 Github repositories
409
VMScore
CVE-2021-20194
There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BP...
Linux Linux Kernel
Redhat Enterprise Linux 8.0
Redhat Openshift Container Platform 4.5
Redhat Openshift Container Platform 4.6
Redhat Openshift Container Platform 4.4
358
VMScore
CVE-2019-1002100
In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application...
Kubernetes Kubernetes
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 3.10
5 Github repositories
356
VMScore
CVE-2019-10354
A vulnerability in the Stapler web framework used in Jenkins 2.185 and previous versions, LTS 2.176.1 and previous versions allowed malicious users to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.
Jenkins Jenkins
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
578
VMScore
CVE-2020-7013
Kibana versions prior to 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code...
Elastic Kibana
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.0
894
VMScore
CVE-2019-7609
Kibana versions prior to 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing ...
Elastic Kibana
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
15 Github repositories
383
VMScore
CVE-2020-10743
It exists that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an malicious user to trick a user into performing arbitrary actions in OCP's distribution of...
Elastic Kibana -
Redhat Openshift Container Platform 4.6.1
Redhat Openshift Container Platform 3.11.286
NA
CVE-2022-3466
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP...
Kubernetes Cri-o -
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.12
578
VMScore
CVE-2019-10355
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and previous versions related to the handling of type casts allowed malicious users to execute arbitrary code in sandboxed scripts.
Jenkins Script Security
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »