4 matches found
CVE-2022-3259
OpenShift 4.9 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks.
CVE-2022-3260
The response headers do not enable X-Frame-Options, which helps protect against clickjacking attacks. Some browsers would interpret these results incorrectly, allowing clickjacking attacks.
CVE-2022-3262
A flaw was found in OpenShift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability.
CVE-2021-4047
The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package; however, the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9.