Redhat

Openshift Container Platform

321 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.11%
  • Veröffentlicht 02.11.2023 03:15:10
  • Zuletzt bearbeitet 21.11.2024 08:41:42

A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different wo...

Warnung Medienbericht Exploit
  • EPSS 100%
  • Veröffentlicht 10.10.2023 14:15:10
  • Zuletzt bearbeitet 12.05.2026 15:10:32

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • EPSS 0.39%
  • Veröffentlicht 06.10.2023 18:15:12
  • Zuletzt bearbeitet 21.11.2024 08:41:37

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP addre...

  • EPSS 0.4%
  • Veröffentlicht 05.10.2023 14:15:09
  • Zuletzt bearbeitet 21.11.2024 07:19:08

A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.

  • EPSS 0.6%
  • Veröffentlicht 05.10.2023 13:15:09
  • Zuletzt bearbeitet 21.11.2024 07:34:39

A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation.

  • EPSS 0.99%
  • Veröffentlicht 04.10.2023 12:15:10
  • Zuletzt bearbeitet 21.11.2024 08:16:34

A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.

  • EPSS 0.52%
  • Veröffentlicht 04.10.2023 11:15:10
  • Zuletzt bearbeitet 21.11.2024 07:58:35

A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other c...

  • EPSS 0.15%
  • Veröffentlicht 27.09.2023 21:15:10
  • Zuletzt bearbeitet 21.11.2024 08:34:20

A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker.

  • EPSS 0.23%
  • Veröffentlicht 27.09.2023 15:19:39
  • Zuletzt bearbeitet 21.11.2024 08:34:19

A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their perm...

  • EPSS 2.04%
  • Veröffentlicht 27.09.2023 15:18:56
  • Zuletzt bearbeitet 21.11.2024 08:16:44

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshol...