Openshift Container Platform For Linuxone@4.9 Security Vulnerabilities and Issues — Openshift Container Platform For Linuxone@4.9 CVE List

Lucene search

RedhatOpenshift Container Platform For Linuxone4.9

9 matches found

CVE•added 2023/09/22 3:15 p.m.•3198 views

CVE-2022-4039

A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server confi...

9.8CVSS8.7AI score0.00121EPSS

CVE•added 2023/09/14 3:15 p.m.•2602 views

CVE-2023-1108

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

7.5CVSS7.3AI score0.0481EPSS

CVE•added 2023/12/21 10:15 a.m.•2580 views

CVE-2023-2585

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access...

8.1CVSS5.6AI score0.00112EPSS

CVE•added 2024/04/17 2:15 p.m.•389 views

CVE-2024-1132

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any...

8.1CVSS5.7AI score0.00177EPSS

CVE•added 2023/09/20 3:15 p.m.•261 views

CVE-2022-3916

A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to ...

6.8CVSS7.1AI score0.00226EPSS

CVE•added 2024/02/19 10:15 p.m.•250 views

CVE-2024-1635

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and op...

7.5CVSS7.4AI score0.10466EPSS

CVE•added 2024/01/26 3:15 p.m.•247 views

CVE-2023-6291

A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.

7.1CVSS6.5AI score0.00196EPSS

CVE•added 2024/09/19 4:15 p.m.•241 views

CVE-2024-8883

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leadi...

6.1CVSS6.4AI score0.0489EPSS

CVE•added 2024/09/03 8:15 p.m.•83 views

CVE-2024-4629

A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This ...

6.5CVSS6.6AI score0.00166EPSS