Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat openshift container platform vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2019-11250
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authe...
Kubernetes Kubernetes
Kubernetes Kubernetes 1.15.3
Kubernetes Kubernetes 1.15.4
Kubernetes Kubernetes 1.16.0
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
312
VMScore
CVE-2019-10383
A stored cross-site scripting vulnerability in Jenkins 2.191 and previous versions, LTS 2.176.2 and previous versions allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
890
VMScore
CVE-2020-27846
A signature verification vulnerability exists in crewjam/saml. This flaw allows an malicious user to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Grafana Grafana
Saml Project Saml
Redhat Openshift Container Platform 3.11
Redhat Enterprise Linux 8.0
Redhat Openshift Container Platform 4.0
Redhat Openshift Service Mesh 2.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
605
VMScore
CVE-2021-3529
A flaw was found in noobaa-core in versions prior to 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resu...
Redhat Noobaa-operator
Redhat Openshift Container Platform 4.0
605
VMScore
CVE-2019-0542
A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js.
Xtermjs Xterm.js
Redhat Openshift Container Platform
NA
CVE-2023-4853
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an malicious user to bypass the security policy altogether, resul...
Quarkus Quarkus
Redhat Decision Manager 7.0
Redhat Jboss Middleware Text-only Advisories 1.0
Redhat Jboss Middleware 1
Redhat Integration Service Registry -
Redhat Integration Camel Quarkus -
Redhat Build Of Quarkus
Redhat Openshift Serverless -
Redhat Integration Camel K
Redhat Process Automation Manager 7.0
Redhat Build Of Optaplanner 8.0
Redhat Openshift Serverless 1.0
Redhat Openshift Container Platform 4.10
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
3 Github repositories
NA
CVE-2023-2253
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the all...
Redhat Openshift Container Platform 4.0
Redhat Openshift Developer Tools And Services -
Redhat Openshift Api For Data Protection -
383
VMScore
CVE-2019-3826
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scri...
Prometheus Prometheus
Redhat Openshift Container Platform 3.11
516
VMScore
CVE-2020-27816
The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana console) to different one, created based on the new CR for the new kibana resource. Th...
Elastic Kibana
Redhat Openshift Container Platform 4.0
578
VMScore
CVE-2019-1003003
An improper authorization vulnerability exists in Jenkins 2.158 and previous versions, LTS 2.150.1 and previous versions in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies ...
Jenkins Jenkins
Redhat Openshift Container Platform 3.11
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »