Lucene search

K
RedhatOpenshift Container Platform

20 matches found

CVE
CVE
added 2021/12/14 12:15 p.m.1080 views

CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remot...

7.5CVSS9.4AI score0.94358EPSS
CVE
CVE
added 2021/03/18 5:15 p.m.412 views

CVE-2020-27827

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

7.5CVSS7.2AI score0.00415EPSS
CVE
CVE
added 2021/06/02 11:15 a.m.332 views

CVE-2020-10743

It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacki...

4.3CVSS4.5AI score0.00134EPSS
CVE
CVE
added 2021/03/23 5:15 p.m.289 views

CVE-2021-20270

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

7.5CVSS7.3AI score0.00089EPSS
CVE
CVE
added 2021/04/01 6:15 p.m.280 views

CVE-2021-20291

A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code indefinite...

7.1CVSS6.5AI score0.00111EPSS
CVE
CVE
added 2021/02/11 6:15 p.m.278 views

CVE-2021-20188

A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the contai...

7CVSS6.7AI score0.00085EPSS
CVE
CVE
added 2021/03/04 10:15 p.m.234 views

CVE-2020-25639

A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system.

4.9CVSS5.5AI score0.00119EPSS
CVE
CVE
added 2021/02/23 11:15 p.m.230 views

CVE-2021-20194

There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the lo...

7.8CVSS7.5AI score0.00105EPSS
CVE
CVE
added 2021/05/26 9:15 p.m.182 views

CVE-2021-20297

A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability.

5.5CVSS5.4AI score0.00104EPSS
CVE
CVE
added 2021/03/16 10:15 p.m.170 views

CVE-2021-3344

A privilege escalation flaw was found in OpenShift builder. During build time, credentials outside the build context are automatically mounted into the container image under construction. An OpenShift user, able to execute code during build time inside this container can re-use the credentials to o...

8.8CVSS9.1AI score0.00676EPSS
CVE
CVE
added 2021/02/23 10:15 p.m.168 views

CVE-2021-20182

A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the underlying node, such as th...

8.8CVSS9AI score0.0053EPSS
CVE
CVE
added 2021/03/16 9:15 p.m.161 views

CVE-2021-20218

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client copy command to extract files outside the working path. The highest threat from this vulnerability is to integrity and s...

7.4CVSS7.2AI score0.00594EPSS
CVE
CVE
added 2021/06/02 12:15 p.m.96 views

CVE-2020-14336

A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerabilit...

6.5CVSS6.1AI score0.00329EPSS
CVE
CVE
added 2021/05/14 9:15 p.m.79 views

CVE-2020-27833

A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command oc image extract. If a symbolic link is first cr...

7.1CVSS7.3AI score0.0013EPSS
CVE
CVE
added 2021/03/19 9:15 p.m.71 views

CVE-2019-10200

A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS IAM...

9CVSS6.9AI score0.0039EPSS
CVE
CVE
added 2021/06/02 5:15 p.m.68 views

CVE-2021-3529

A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary Ja...

7.1CVSS6.7AI score0.00225EPSS
CVE
CVE
added 2021/03/19 9:15 p.m.67 views

CVE-2019-10225

A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and us...

6.5CVSS6.2AI score0.00147EPSS
CVE
CVE
added 2021/03/24 5:15 p.m.53 views

CVE-2019-19354

An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

7.8CVSS7.6AI score0.00047EPSS
CVE
CVE
added 2021/03/24 5:15 p.m.52 views

CVE-2019-19353

An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

7CVSS6.9AI score0.00036EPSS
CVE
CVE
added 2021/03/24 5:15 p.m.44 views

CVE-2019-19352

An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

7CVSS6.9AI score0.00036EPSS