Redhat Openshift Container Platform vulnerabilities

CVE-2022-4145 [MEDIUM] CWE-74 CVE-2022-4145: A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthen A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation.

CVE-2023-2422 [HIGH] CWE-295 CVE-2023-2422: A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/ A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients.

CVE-2023-3153 [MEDIUM] CWE-400 CVE-2023-3153: A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.

CVE-2023-3223 [HIGH] CWE-789 CVE-2023-3223: A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to nu

CVE-2023-4065 [MEDIUM] CWE-117 CVE-2023-4065: A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQAr A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions.

CVE-2023-4066 [MEDIUM] CWE-313 CVE-2023-4066: A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-proper A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker.

CVE-2023-1260 [HIGH] CWE-288 CVE-2023-1260: An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a re An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow eva

CVE-2022-4039 [CRITICAL] CWE-276 CVE-2022-4039: A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.

CVE-2023-4853 [HIGH] CWE-148 CVE-2023-4853: A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permut A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.

CVE-2022-3916 [MEDIUM] CWE-384 CVE-2022-3916: A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared co A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authen

CVE-2022-3466 [MEDIUM] CVE-2022-3466: The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11. The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow

CVE-2023-1108 [HIGH] CWE-835 CVE-2023-1108: A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unex A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

CVE-2023-0264 [MEDIUM] CWE-287 CVE-2023-0264: A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availabili

CVE-2022-4361 [MEDIUM] CWE-81 CVE-2022-4361: Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) v Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.

CVE-2023-3089 [HIGH] CWE-693 CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

CVE-2023-2253 [MEDIUM] CWE-475 CVE-2023-2253: A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parame A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service t

CVE-2023-1668 [HIGH] CWE-670 CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will instal A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possi

CVE-2022-1274 [MEDIUM] CWE-80 CVE-2022-1274: A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.

CVE-2021-3684 [MEDIUM] CWE-532 CVE-2021-3684: A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, i A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the associated user.

CVE-2023-0056 [MEDIUM] CWE-400 CVE-2023-0056: An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the s An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.