GO-2022-0875 Denial of Service in OpenShift Origin in github.com/openshift/origin

Denial of Service in OpenShift Origin in github.com/openshift/origin...

GO-2022-0854 Authorization bypass in Openshift in github.com/openshift/origin

Authorization bypass in Openshift in github.com/openshift/origin...

Arbitrary File Write

github.com/openshift/source-to-image is vulnerable to Arbitrary File Write. The vulnerability exists due to the improper input validation in tar.go, which allows an attacker to overwrite files outside of the working directory via a Zip Slip...

Unauthorized Access

github.com/openshift/cluster-kube-apiserver-operator allows unauthorized access. Users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master...

Path Traversal

github.com/openshift/osin is vulnerable to path traversal. The vulnerability exists because it does not properly validate the redirect URL, allowing access to sensitive files...