Lucene search

K
RedhatOpenshift Container Platform

18 matches found

CVE
CVE
•added 2024/07/01 1:15 p.m.•5259 views

CVE-2024-6387

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

8.1CVSS8.5AI score0.65447EPSS
CVE
CVE
•added 2024/04/17 2:15 p.m.•410 views

CVE-2024-1132

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any...

8.1CVSS5.7AI score0.00177EPSS
CVE
CVE
•added 2024/04/06 5:15 p.m.•377 views

CVE-2024-0406

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges ...

7.8CVSS5.9AI score0.10408EPSS
CVE
CVE
•added 2024/10/09 3:15 p.m.•267 views

CVE-2024-9675

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can...

7.8CVSS4.8AI score0.00085EPSS
CVE
CVE
•added 2024/09/19 4:15 p.m.•260 views

CVE-2024-8883

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leadi...

6.1CVSS6.4AI score0.0489EPSS
CVE
CVE
•added 2024/02/19 10:15 p.m.•257 views

CVE-2024-1635

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and op...

7.5CVSS7.4AI score0.0833EPSS
CVE
CVE
•added 2024/10/01 7:15 p.m.•253 views

CVE-2024-9341

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host direct...

8.2CVSS5.4AI score0.00457EPSS
CVE
CVE
•added 2024/01/26 3:15 p.m.•252 views

CVE-2023-6291

A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.

7.1CVSS6.5AI score0.00196EPSS
CVE
CVE
•added 2024/03/07 8:15 p.m.•157 views

CVE-2024-1725

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.

6.5CVSS8AI score0.0018EPSS
CVE
CVE
•added 2024/10/15 4:15 p.m.•134 views

CVE-2024-9676

A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (--u...

6.5CVSS6.9AI score0.02282EPSS
CVE
CVE
•added 2024/01/09 10:15 p.m.•115 views

CVE-2023-6476

A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node.

7.5CVSS7.1AI score0.00168EPSS
CVE
CVE
•added 2024/10/22 2:15 p.m.•109 views

CVE-2024-50312

A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of...

5.3CVSS5.1AI score0.00059EPSS
CVE
CVE
•added 2024/06/05 6:15 p.m.•94 views

CVE-2024-5037

A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.

7.5CVSS7.5AI score0.00191EPSS
CVE
CVE
•added 2024/10/22 2:15 p.m.•90 views

CVE-2024-50311

A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in o...

6.5CVSS6.7AI score0.0008EPSS
CVE
CVE
•added 2024/09/03 8:15 p.m.•85 views

CVE-2024-4629

A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This ...

6.5CVSS6.6AI score0.00166EPSS
CVE
CVE
•added 2024/06/12 9:15 a.m.•83 views

CVE-2024-5154

A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.

8.1CVSS7.8AI score0.00932EPSS
CVE
CVE
•added 2024/07/24 4:15 p.m.•77 views

CVE-2024-7079

A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middle...

6.5CVSS5.5AI score0.00278EPSS
CVE
CVE
•added 2024/08/02 9:16 p.m.•51 views

CVE-2024-3056

A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources unti...

7.7CVSS5.1AI score0.00232EPSS