Red Hat

OpenShift Container Platform

272 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.13%
  • Published 25.04.2024 17:15:47
  • Last modified 21.11.2024 08:47:34

A flaw was found in CoreDNS. This issue could lead to invalid cache entries being returned due to incorrectly implemented caching.

  • EPSS 0.24%
  • Published 17.04.2024 14:15:07
  • Last modified 30.06.2025 13:58:57

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain ...

  • EPSS 13.5%
  • Published 06.04.2024 17:15:07
  • Last modified 25.04.2025 15:02:44

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of f...

  • EPSS 0.14%
  • Published 07.03.2024 20:15:50
  • Last modified 26.03.2025 05:15:40

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that ...

  • EPSS 8.33%
  • Published 19.02.2024 22:15:48
  • Last modified 07.05.2025 12:27:53

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immedia...

  • EPSS 0.2%
  • Published 26.01.2024 15:15:08
  • Last modified 21.11.2024 08:43:32

A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate o...

  • EPSS 0.17%
  • Published 09.01.2024 22:15:43
  • Last modified 21.11.2024 08:43:55

A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/CPU, circumventing the Kubernetes scheduler and potentially resulting in a denial...

  • EPSS 0.11%
  • Published 21.12.2023 10:15:34
  • Last modified 21.11.2024 07:58:52

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malic...

Media report Exploit
  • EPSS 64.06%
  • Published 18.12.2023 16:15:10
  • Last modified 29.09.2025 21:56:10

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client a...

Exploit
  • EPSS 1.41%
  • Published 14.12.2023 22:15:44
  • Last modified 21.11.2024 08:43:12

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or furthe...