Lucene search
K

30 matches found

NVD
NVD
added 2026/06/22 2:17 p.m.14 views

CVE-2026-54099

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...

8.8CVSS0.00075EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 2:17 p.m.12 views

CVE-2026-54100

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

8.3CVSS0.00181EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/22 12:46 p.m.6 views

CVE-2026-54100 Windows-machine-config-operator: windows-machine-config-operator: ssh host key not verified enables credential theft

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

8.3CVSS5.9AI score0.00181EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 12:46 p.m.10 views

EUVD-2026-38234

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

8.3CVSS5.9AI score0.00181EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 12:46 p.m.18 views

CVE-2026-54100

CVE-2026-54100 affects the Windows Machine Config Operator (WMCO) used with Red Hat OpenShift Container Platform. The flaw is that WMCO establishes SSH connections to Windows worker nodes without verifying the remote host key, enabling an adjacent-network attacker who can intercept or redirect WM...

8.3CVSS5.9AI score0.00181EPSS
Exploits0References3Affected Software2
Vulnrichment
Vulnrichment
added 2026/06/22 12:46 p.m.11 views

CVE-2026-54099 Windows-machine-config-operator: windows-machine-config-operator: wicd csr extra-organization allows privilege escalation to system:masters

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...

8.8CVSS5.8AI score0.00075EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 12:46 p.m.8 views

EUVD-2026-38233

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...

8.8CVSS5.8AI score0.00075EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/22 12:46 p.m.9 views

CVE-2026-54100

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

8.3CVSS5.9AI score0.00181EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/22 12:45 p.m.14 views

CVE-2026-54099

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...

8.8CVSS5.8AI score0.00075EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-51306

Name of the Vulnerable Software and Affected Versions Red Hat OpenShift Container Platform 4 affected versions not specified Description A flaw exists in the Windows Machine Config Operator WMCO where SSH connections to Windows worker nodes are established without verifying the remote server host...

8.3CVSS6AI score0.00181EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.8 views

RHCOS 4 : OpenShift Container Platform 4.4.13 machine-config-daemon and openshift (RHSA-2020:2927)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2927 advisory. - kubernetes: node localhost services reachable via martian packets CVE-2020-8558 - proglottis/gpgme: Use-after-free in GPGME bindin...

8.8CVSS7.3AI score0.05071EPSS
Exploits6References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.13 views

EUVD-2020-12581

Malware in sbrugna...

6.5CVSS6.4AI score0.00871EPSS
Exploits0References5
OSV
OSV
added 2024/09/16 4:20 a.m.19 views

RHSA-2020:2927 Red Hat Security Advisory: OpenShift Container Platform 4.4.13 machine-config-daemon and openshift security update

Bulletin has no description...

7.5CVSS7.7AI score0.05071EPSS
Exploits6References12
NVD
NVD
added 2022/04/01 11:15 p.m.21 views

CVE-2021-20238

It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint port 22623 provides ignition configuration used for bootstrapping Nodes and can include some sensitive data,...

4.3CVSS0.00735EPSS
Exploits0References1
OSV
OSV
added 2022/04/01 11:15 p.m.39 views

CVE-2021-20238

It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint port 22623 provides ignition configuration used for bootstrapping Nodes and can include some sensitive data,...

3.7CVSS6.7AI score0.00735EPSS
Exploits0References1
Prion
Prion
added 2022/04/01 11:15 p.m.23 views

Design/Logic Flaw

It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint port 22623 provides ignition configuration used for bootstrapping Nodes and can include some sensitive data,...

4.3CVSS4.1AI score0.00735EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2022/04/01 10:17 p.m.87 views

CVE-2021-20238

CVE-2021-20238 affects OpenShift Container Platform 4 where the ignition config served by the Machine Config Server can be accessed externally (port 22623, the MCS endpoint) without authentication. This exposes ignition data used to bootstrap nodes (e.g., registry pull secrets) in two scenarios: ...

4.3CVSS4.2AI score0.00735EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2022/04/01 10:17 p.m.57 views

CVE-2021-20238

It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint port 22623 provides ignition configuration used for bootstrapping Nodes and can include some sensitive data,...

4.4AI score0.00735EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/04/01 12:0 a.m.9 views

Red Hat OpenShift Container Platform 访问控制错误漏洞

Red Hat OpenShift Container Platform is a suite of application platforms from Red Hat, Inc. that enable organizations to develop, deploy, and manage existing container-based applications across physical, virtual, and public cloud infrastructures. An access control error vulnerability exists in...

4.3CVSS5.1AI score0.00735EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/04/01 12:0 a.m.4 views

PT-2022-9172 · Red Hat · Openshift Container Platform 4

Name of the Vulnerable Software and Affected Versions: OpenShift Container Platform 4 affected versions not specified Description: It was found that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint port 22623...

4.3CVSS3.9AI score0.00735EPSS
Exploits0References4
Rows per page
Query Builder