RHCOS 3 : OpenShift Container Platform 3.11 HTTP/2 (RHSA-2019:3906)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3906 advisory. - HTTP/2: flood using PING frames results in unbounded memory growth CVE-2019-9512 - HTTP/2: flood using HEADERS frames results in...

RHSA-2019:2651 Red Hat Security Advisory: Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins security update

Bulletin has no description...

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.4.10 on OpenJDK for OpenShift image security update

A new image is available for Red Hat Single Sign-On 7.4.10 on OpenJDK, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On fo...

Security Bulletin: Log4j vulnerability CVE-2021-44228 affects IBM Cloud Pak for Data System 1.0

Summary Log4j is used by IBM Cloud Pak for Data System 1.0 in openshift-logging. This bulletin provides a remediation and mitigation for the reported Apache Log4j vulnerability, CVE-2021-44228. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to...

CVE-2018-14645

A flaw was discovered in the HPACK decoder of haproxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpackvalididx resulted in a remote crash and denial of service. Mitigation HTTP/2 support is disabled by default on OpenShift Container Platform 3.11. To mitigate this...

RHEL 7 : OpenShift Container Platform 3.11 (RHSA-2020:2992)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2992 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

RHEL 7 : OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:4055)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:4055 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

RHEL 7 : OpenShift Container Platform 3.11 (RHSA-2019:2818)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2818 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud...

Information Disclosure

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.51. See the following advisory for the container...

CVE-2019-3899

It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift Container Platform 3.11...

CVE-2019-3899

CVE-2019-3899 affects the Heketi component as shipped with OpenShift Container Platform 3.11. The issue arises from the default configuration that does not require authentication, potentially exposing the Heketi management interface to unauthorized use. Red Hat advisory RHSA-2019:3255 documents a...

CVE-2018-10937

CVE-2018-10937 describes a cross-site scripting flaw in the tetonic-console component of OpenShift Container Platform 3.11. An attacker who can create pods can leverage this flaw to act on the Kubernetes API as the victim, implying potential privilege abuse within the cluster. The description doe...