Redhat

Openshift

161 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.52%
  • Published 19.12.2024 15:15:07
  • Last modified 19.12.2024 15:15:07

A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service accoun...

  • EPSS 0.2%
  • Published 21.11.2024 21:15:23
  • Last modified 23.09.2025 10:15:34

A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.

  • EPSS 0.14%
  • Published 17.11.2024 11:15:06
  • Last modified 18.11.2024 17:11:17

A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn.

  • EPSS 0.11%
  • Published 17.09.2024 00:15:52
  • Last modified 09.01.2025 09:15:07

A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, al...

  • EPSS 0.66%
  • Published 21.08.2024 06:15:08
  • Last modified 09.01.2025 09:15:07

An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficie...

  • EPSS 0.08%
  • Published 09.07.2024 20:15:12
  • Last modified 21.11.2024 09:49:46

A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. NetworkManager would crash, leading to a denia...

  • EPSS 0.05%
  • Published 01.05.2024 00:15:06
  • Last modified 21.11.2024 09:42:42

An information disclosure flaw was found in OpenShift's internal image registry operator. The AZURE_CLIENT_SECRET can be exposed through an environment variable defined in the pod definition, but is limited to Azure environments. An attacker controll...

  • EPSS 0.51%
  • Published 26.04.2024 04:15:09
  • Last modified 21.11.2024 09:29:01

A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.

  • EPSS 0.02%
  • Published 25.04.2024 18:15:08
  • Last modified 04.11.2025 22:16:00

A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, p...

  • EPSS 0.21%
  • Published 25.04.2024 17:15:47
  • Last modified 21.11.2024 08:49:52

A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret.