Redhat Openshift Container Platform vulnerabilities

CVE-2024-5037 [HIGH] CWE-290 CVE-2024-5037: A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.

CVE-2024-1132 [HIGH] CWE-22 CVE-2024-1132: A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URI

CVE-2024-0406 [HIGH] CWE-22 CVE-2024-0406: A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specia A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.

CVE-2024-1725 [MEDIUM] CWE-501 CVE-2024-1725: A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (H A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.

CVE-2024-1635 [HIGH] CWE-400 CVE-2024-1635: A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the

CVE-2023-6291 [HIGH] CWE-601 CVE-2023-6291: A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.

CVE-2023-6476 [HIGH] CWE-770 CVE-2023-6476: A flaw was found in CRI-O that involves an experimental annotation leading to a container being unco A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node.

CVE-2023-2585 [HIGH] CWE-358 CVE-2023-2585: Keycloak's device authorization grant does not correctly validate the device code and client ID. An Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client.

CVE-2023-48795 [MEDIUM] CWE-354 CVE-2023-48795: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other pr The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgr

CVE-2023-6563 [HIGH] CWE-770 CVE-2023-6563: An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge

CVE-2023-6134 [MEDIUM] CWE-79 CVE-2023-6134: A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildc A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.

CVE-2023-5408 [HIGH] CWE-269 CVE-2023-5408: A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.

CVE-2023-44487 [HIGH] CWE-400 CVE-2023-44487: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancell The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVE-2023-5366 [MEDIUM] CWE-345 CVE-2023-5366: A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual m A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.

CVE-2022-3248 [HIGH] CWE-863 CVE-2022-3248: A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. Thi A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.

CVE-2022-4145 [MEDIUM] CWE-74 CVE-2022-4145: A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthen A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation.

CVE-2023-2422 [HIGH] CWE-295 CVE-2023-2422: A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/ A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients.

CVE-2023-3153 [MEDIUM] CWE-400 CVE-2023-3153: A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.

CVE-2023-3223 [HIGH] CWE-789 CVE-2023-3223: A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to nu

CVE-2023-4065 [MEDIUM] CWE-117 CVE-2023-4065: A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQAr A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions.