Redhat Openshift Container Platform Ibm Z Systems vulnerabilities

CVE-2024-4629 [MEDIUM] CWE-837 CVE-2024-4629: A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection b A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses

CVE-2023-6134 [MEDIUM] CWE-79 CVE-2023-6134: A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildc A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.

CVE-2023-5625 [MEDIUM] CVE-2023-5625: A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch app A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products.

CVE-2022-4318 [HIGH] CWE-538 CVE-2022-4318: A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/pass A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.

CVE-2022-3916 [MEDIUM] CWE-384 CVE-2022-3916: A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared co A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authen

CVE-2023-0264 [MEDIUM] CWE-287 CVE-2023-0264: A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availabili

CVE-2023-3089 [HIGH] CWE-693 CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

CVE-2023-0056 [MEDIUM] CWE-400 CVE-2023-0056: An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the s An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.