Important: Red Hat Security Advisory: OpenShift Container Platform 4.20.24 bug fix and security update

Red Hat OpenShift Container Platform release 4.20.24 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a...

Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.28.0 Release.

Red Hat OpenShift Dev Spaces 3.28.0 has been released. Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development. The 3.28 release is based on...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.88 security and extras update

Red Hat OpenShift Container Platform release 4.12.88 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Low...

RHCOS 4 : OpenShift Container Platform 4.5.7 jenkins and openshift (RHSA-2020:3519)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3519 advisory. - jenkins: Stored XSS vulnerability in job build time trend CVE-2020-2220 - jenkins: Stored XSS vulnerability in upstream cause...

RHCOS 4 : OpenShift Container Platform 4.4.z jenkins-2-plugins (RHSA-2020:2737)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2737 advisory. - jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts CVE-2019-16538 -...

RHCOS 4 : OpenShift Container Platform 4.4.8 openshift (RHSA-2020:2448)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2448 advisory. - kubernetes: Server side request forgery SSRF in kube-controller-manager allows users to leak secret information CVE-2020-8555 Note that...

RHCOS 4 : OpenShift Container Platform 4.8.17 (RHSA-2021:3926)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3926 advisory. - coreos-installer: incorrect signature verification on gzip-compressed install images CVE-2021-20319 Note that Nessus has not tested for thi...

RHCOS 4 : OpenShift Container Platform 4.2.36 openshift (RHSA-2020:2594)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2594 advisory. - kubernetes: Server side request forgery SSRF in kube-controller-manager allows users to leak secret information CVE-2020-8555 Note that...

RHCOS 4 : OpenShift Container Platform 4.3.12 podman (RHSA-2020:1396)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1396 advisory. - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull CVE-2020-8945 - buildah: Crafted input tar file may...

RHCOS 4 : OpenShift Container Platform 4.6.8 (RHSA-2020:5260)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:5260 advisory. - kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider CVE-2020-8563 Note that Nessus has not tested for this issu...

RHCOS 4 : OpenShift Container Platform 4.9.22 (RHSA-2022:0557)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0557 advisory. - golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet CVE-2021-29923 - golang:...

RHCOS 4 : OpenShift Container Platform 4.1 openshift-external-storage (RHSA-2019:4225)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:4225 advisory. - kubernetes-csi: CSI volume snapshot, cloning and resizing features can result in unauthorized volume data access or mutation CVE-2019-11255...

RHCOS 4 : OpenShift Container Platform 4.14.29 (RHSA-2024:3700)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3700 advisory. - cri-o: malicious container can create symlink on host CVE-2024-5154 Note that Nessus has not tested for this issue but has instead relied...

RHCOS 4 : OpenShift Container Platform 4.14.2 (RHSA-2023:6839)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6839 advisory. - golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 - HTTP/2: Multiple HTTP/...

RHCOS 4 : OpenShift Container Platform 4.14.48 (RHSA-2025:1453)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1453 advisory. - podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile CVE-2024-11218 Note that...

RHCOS 4 : OpenShift Container Platform 4.14.23 (RHSA-2024:2054)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2054 advisory. - kubernetes: kube-apiserver: bypassing mountable secrets policy imposed by the ServiceAccount admission plugin CVE-2024-3177 -...

RHCOS 9 : OpenShift Container Platform 4.13.24 (RHSA-2023:7477)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:7477 advisory. - python-werkzeug: high resource consumption leading to denial of service CVE-2023-46136 Note that Nessus has not tested for this issue but h...

RHCOS 4 : OpenShift Container Platform 4.18.25 (RHSA-2025:16729)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:16729 advisory. - podman: Build Context Bind Mount CVE-2025-4953 Note that Nessus has not tested for this issue but has instead relied only on the...

RHCOS 4 : OpenShift Container Platform 4.14.10 (RHSA-2024:0293)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0293 advisory. - golang: net/http: insufficient sanitization of Host header CVE-2023-29406 - golang: crypto/tls: slow verification of certificate...

RHCOS 4 : OpenShift Container Platform 4.18.2 (RHSA-2025:1908)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1908 advisory. - cri-o: Checkpoint restore can be triggered from different namespaces CVE-2024-8676 - podman: buildah: Container breakout by using...