Redhat Openshift vulnerabilities

CVE-2026-35091 [HIGH] CWE-253 CVE-2026-35091: A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vul A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory conte

CVE-2026-35092 [HIGH] CWE-190 CVE-2026-35092: A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity va A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use

CVE-2025-14512 [MEDIUM] CWE-190 CVE-2025-14512: A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (Do A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

CVE-2024-45777 [MEDIUM] CWE-787 CVE-2024-45777: A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo fil A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections.

CVE-2024-12085 [HIGH] CWE-908 CVE-2024-12085: A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw all A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

CVE-2024-1485 [HIGH] CWE-22 CVE-2024-1485: A flaw was found in the decompression function of registry-support. This issue can be triggered if a A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not

CVE-2023-0229 [MEDIUM] CWE-20 CVE-2023-0229: A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to d

CVE-2023-0296 [MEDIUM] CVE-2023-0296: The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health ch The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grpc-proxy, hence this port might be conside

CVE-2022-3259 [HIGH] CWE-665 CVE-2022-3259: Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle ( Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks.

CVE-2022-3262 [HIGH] CWE-453 CVE-2022-3262: A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability.

CVE-2022-3260 [MEDIUM] CWE-1021 CVE-2022-3260: The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attac The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Some browsers would interpret these results incorrectly, allowing clickjacking attacks.

CVE-2013-4253 [HIGH] CWE-377 CVE-2013-4253: The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Opensh The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file.

CVE-2013-4281 [MEDIUM] CWE-276 CVE-2013-4281: In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem f In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.

CVE-2017-7517 [LOW] CWE-20 CVE-2017-7517: An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject", and then later deletes it another user can then create a project called "MyProject" and access the metrics stored from the original "MyProject" instance.

CVE-2022-2403 [MEDIUM] CWE-497 CVE-2022-2403: A credentials leak was found in the OpenShift Container Platform. The private key for the external c A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-

CVE-2021-4125 [HIGH] CWE-20 CVE-2021-4125: It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift mete It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6.

CVE-2021-3697 [HIGH] CWE-787 CVE-2021-3697: A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlle A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution

CVE-2021-3695 [MEDIUM] CWE-787 CVE-2021-3695: A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to

CVE-2021-3696 [MEDIUM] CWE-787 CVE-2021-3696: A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitr

CVE-2021-4047 [HIGH] CVE-2021-4047: The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch fo The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9.