Lucene search
K

77 matches found

CVE
CVE
added 2024/08/21 5:45 a.m.164 views

CVE-2024-6508

The CVE-2024-6508 issue affects OpenShift Console (OAuth2) where insufficient entropy in the state parameter enables CSRF, potentially allowing login with a third-party account. Connected Red Hat advisories (RHSA) for OpenShift 4.x note this CVE is addressed by security updates in multiple releas...

8CVSS7.9AI score0.00559EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2024/08/19 1:44 p.m.21 views

CVE-2024-6508

An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery CSRF attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s...

8CVSS7.3AI score0.00559EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/08/19 12:0 a.m.6 views

PT-2024-37678 · Red Hat · Openshift Console

Name of the Vulnerable Software and Affected Versions: Openshift Console affected versions not specified Description: An insufficient entropy vulnerability was found in the Openshift Console, affecting the authorization code type and implicit grant type of the OAuth2 protocol. This vulnerability...

8CVSS7.9AI score0.00559EPSS
Exploits0References22
Cvelist
Cvelist
added 2024/07/26 1:34 p.m.18 views

CVE-2024-7128 Openshift-console: unauthenticated data exposure

A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler and authHandlerWithUser middleware functions. When the default authentication provider "openShiftAuth" is set, these functions do not perform any authentication checks, relying instead on the...

5.3CVSS0.00414EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2024/07/26 11:30 a.m.17 views

CVE-2024-7128

A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler and authHandlerWithUser middleware functions. When the default authentication provider "openShiftAuth" is set, these functions do not perform any authentication checks, relying instead on the...

5.3CVSS5.2AI score0.00414EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/07/26 12:0 a.m.5 views

PT-2024-38095 · Red Hat · Openshift Console

Name of the Vulnerable Software and Affected Versions: OpenShift console affected versions not specified Description: A flaw was found in the OpenShift console, where several endpoints use the authHandler and authHandlerWithUser middleware functions. When the default authentication provider is se...

5.3CVSS5.2AI score0.00414EPSS
Exploits0References12
OSV
OSV
added 2024/07/24 4:15 p.m.9 views

CVE-2024-7079

A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser middleware function. Contrary to its name, this...

6.5CVSS6.8AI score0.00361EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/24 3:51 p.m.15 views

CVE-2024-7079 Openshift-console: unauthenticated installation of helm charts

A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser middleware function. Contrary to its name, this...

6.5CVSS6.9AI score0.00361EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2024/07/24 2:7 p.m.22 views

CVE-2024-7079

A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser middleware function. Contrary to its name, this...

6.5CVSS6.5AI score0.00361EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/07/24 12:0 a.m.7 views

PT-2024-38065 · Red Hat · Openshift Console

Name of the Vulnerable Software and Affected Versions: Openshift console affected versions not specified Description: A flaw was found in the Openshift console, specifically in the /API/helm/verify endpoint, which is responsible for fetching and verifying the installation of a Helm chart from a...

6.5CVSS6.6AI score0.00361EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/07/05 12:0 a.m.5 views

PT-2024-5369 · Skupper · Skupper

Name of the Vulnerable Software and Affected Versions: Skupper affected versions not specified Description: A flaw was found in Skupper that may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie. This issue arises when Skupper is initialized with the...

8.2CVSS6.8AI score0.00528EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2024/07/05 12:0 a.m.3 views

PT-2024-37698 · Red Hat · Openshift Console

Name of the Vulnerable Software and Affected Versions: OpenShift Console affected versions not specified Description: A flaw was found in OpenShift Console, allowing a Server Side Request Forgery SSRF attack to occur if an attacker supplies all or part of a URL to the server to query. The server,...

8.1CVSS6.1AI score0.03001EPSS
Exploits3References39
ATTACKERKB
ATTACKERKB
added 2023/09/15 9:15 p.m.3 views

CVE-2023-0813

A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without...

7.5CVSS5.8AI score0.00854EPSS
Exploits0References4
OSV
OSV
added 2023/09/15 9:15 p.m.4 views

CVE-2023-0813

A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without...

7.5CVSS5.5AI score0.00854EPSS
Exploits0References3
Prion
Prion
added 2023/09/15 9:15 p.m.20 views

Authentication flaw

A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without...

5CVSS7.7AI score0.00854EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/09/15 8:17 p.m.23 views

CVE-2023-0813 Network-observability-console-plugin-container: setting loki authtoken configuration to disable or host mode leads to authentication longer being enforced

A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without...

7.5CVSS7.8AI score0.00854EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/09/15 12:0 a.m.5 views

PT-2023-16542 · Red Hat +1 · Openshift Console +1

Name of the Vulnerable Software and Affected Versions: OpenShift console affected versions not specified Description: A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced,...

7.5CVSS7AI score0.00854EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2023/02/15 12:4 p.m.38 views

CVE-2023-0813

A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without...

7.5CVSS2.4AI score0.00854EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/09/20 4:32 p.m.55 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.11.5 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.5 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a...

8.6CVSS6.7AI score0.03478EPSS
Exploits0References24
RedHat Linux
RedHat Linux
added 2022/08/22 9:14 p.m.61 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.7.56 security and bug fix update

Red Hat OpenShift Container Platform release 4.7.56 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...

7.5CVSS6.7AI score0.01615EPSS
Exploits0References4
Rows per page
Query Builder