Filtered by vendor Redhat
Subscriptions
Filtered by product Openshift Container Platform For Linuxone
Subscriptions
Total
9 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-6291 | 1 Redhat | 18 Build Keycloak, Enterprise Linux, Jboss Data Grid and 15 more | 2024-08-20 | 7.1 High |
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. | ||||
CVE-2023-5625 | 1 Redhat | 9 Enterprise Linux, Openshift, Openshift Container Platform For Arm64 and 6 more | 2024-08-20 | 5.3 Medium |
A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products. | ||||
CVE-2020-8945 | 3 Fedoraproject, Gpgme Project, Redhat | 12 Fedora, Gpgme, Enterprise Linux and 9 more | 2024-08-04 | 7.5 High |
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification. | ||||
CVE-2022-4318 | 3 Fedoraproject, Kubernetes, Redhat | 9 Extra Packages For Enterprise Linux, Fedora, Cri-o and 6 more | 2024-08-03 | 7.8 High |
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. | ||||
CVE-2022-4039 | 1 Redhat | 8 Enterprise Linux, Openshift Container Platform, Openshift Container Platform For Ibm Z and 5 more | 2024-08-03 | 8 High |
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration. | ||||
CVE-2022-3916 | 1 Redhat | 9 Enterprise Linux, Keycloak, Openshift Container Platform and 6 more | 2024-08-03 | 6.8 Medium |
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user. | ||||
CVE-2023-3089 | 2 Devworkspace, Redhat | 18 1.0, Acm, Amq Streams and 15 more | 2024-08-02 | 7 High |
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. | ||||
CVE-2023-2585 | 1 Redhat | 8 Enterprise Linux, Openshift Container Platform, Openshift Container Platform For Ibm Z and 5 more | 2024-08-02 | 3.5 Low |
Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client. | ||||
CVE-2023-1108 | 2 Netapp, Redhat | 28 Oncommand Workflow Automation, Build Of Quarkus, Camel Quarkus and 25 more | 2024-08-02 | 7.5 High |
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates. |
Page 1 of 1.