Redhat

Openshift Container Platform

274 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 1.75%
  • Published 12.06.2024 09:15:19
  • Last modified 23.06.2025 14:15:26

A flaw was found in CRI-O. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal ("../"). This flaw allows the container to read and write to arbitrary files on the host system.

  • EPSS 0.25%
  • Published 05.06.2024 18:15:11
  • Last modified 21.11.2024 09:46:49

A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issuer ("iss") check during JSON Web Token (JWT) authentication.

  • EPSS 0.13%
  • Published 25.04.2024 17:15:47
  • Last modified 21.11.2024 08:47:34

A flaw was found in CoreDNS. Because caching is implemented incorrectly, invalid cache entries could be returned.

  • EPSS 0.24%
  • Published 17.04.2024 14:15:07
  • Last modified 30.06.2025 13:58:57

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain ...

  • EPSS 13.5%
  • Published 06.04.2024 17:15:07
  • Last modified 25.04.2025 15:02:44

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of f...

  • EPSS 0.14%
  • Published 07.03.2024 20:15:50
  • Last modified 26.03.2025 05:15:40

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that ...

  • EPSS 8.33%
  • Published 19.02.2024 22:15:48
  • Last modified 07.05.2025 12:27:53

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immedia...

  • EPSS 0.2%
  • Published 26.01.2024 15:15:08
  • Last modified 21.11.2024 08:43:32

A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate o...

  • EPSS 0.17%
  • Published 09.01.2024 22:15:43
  • Last modified 21.11.2024 08:43:55

A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/CPU, circumventing the Kubernetes scheduler and potentially resulting in a denial...

  • EPSS 0.11%
  • Published 21.12.2023 10:15:34
  • Last modified 21.11.2024 07:58:52

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malic...