Openshift Container Platform@4.13 Security Vulnerabilities and Issues — Openshift Container Platform@4.13 CVE List

Lucene search

RedhatOpenshift Container Platform4.13

9 matches found

CVE•added 2023/09/24 1:15 a.m.•2595 views

CVE-2023-1260

An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch on...

8CVSS7.7AI score0.00058EPSS

CVE•added 2025/01/14 6:15 p.m.•257 views

CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

7.5CVSS7.5AI score0.01097EPSS

CVE•added 2024/10/09 3:15 p.m.•247 views

CVE-2024-9675

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can...

7.8CVSS4.8AI score0.0008EPSS

CVE•added 2024/10/01 7:15 p.m.•234 views

CVE-2024-9341

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host direct...

8.2CVSS5.4AI score0.00286EPSS

CVE•added 2023/11/02 3:15 a.m.•175 views

CVE-2023-5408

A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster...

7.2CVSS7.3AI score0.0051EPSS

CVE•added 2024/03/07 8:15 p.m.•153 views

CVE-2024-1725

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.

6.5CVSS8AI score0.00133EPSS

CVE•added 2024/10/15 4:15 p.m.•121 views

CVE-2024-9676

A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (--u...

6.5CVSS6.9AI score0.027EPSS

CVE•added 2024/01/09 10:15 p.m.•114 views

CVE-2023-6476

A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node.

7.5CVSS7.1AI score0.00168EPSS

CVE•added 2024/06/12 9:15 a.m.•79 views

CVE-2024-5154

A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.

8.1CVSS7.8AI score0.00932EPSS