Redhat

Openshift Container Platform For Ibm Z

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2024-9676

  • EPSS 2.67%
  • Veröffentlicht 15.10.2024 16:15:06
  • Zuletzt bearbeitet 03.04.2025 02:15:19

A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image us...

6.1

CVE-2024-8883

  • EPSS 4.89%
  • Veröffentlicht 19.09.2024 16:15:06
  • Zuletzt bearbeitet 26.11.2024 19:15:32

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes...

8.1

CVE-2024-1132

  • EPSS 0.24%
  • Veröffentlicht 17.04.2024 14:15:07
  • Zuletzt bearbeitet 30.06.2025 13:58:57

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain ...

6.5

CVE-2024-1725

  • EPSS 0.14%
  • Veröffentlicht 07.03.2024 20:15:50
  • Zuletzt bearbeitet 26.03.2025 05:15:40

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that ...

7.1

CVE-2023-6291

  • EPSS 0.2%
  • Veröffentlicht 26.01.2024 15:15:08
  • Zuletzt bearbeitet 21.11.2024 08:43:32

A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate o...

8.1

CVE-2023-2585

  • EPSS 0.11%
  • Veröffentlicht 21.12.2023 10:15:34
  • Zuletzt bearbeitet 21.11.2024 07:58:52

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malic...

9.8

CVE-2022-4039

  • EPSS 0.12%
  • Veröffentlicht 22.09.2023 15:15:09
  • Zuletzt bearbeitet 21.11.2024 07:34:29

A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentia...

7.5

CVE-2020-8945

Exploit
  • EPSS 3.03%
  • Veröffentlicht 12.02.2020 18:15:10
  • Zuletzt bearbeitet 21.11.2024 05:39:42

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.