CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0229 – openshift/apiserver-library-go: Bypass of SCC seccomp profile restrictions
https://notcve.org/view.php?id=CVE-2023-0229
25 Jan 2023 — A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify. Se encontró un fallo en github.com/openshift/apiserver-library-go, utilizado en OpenShift 4.12 y 4.11. Dic... • https://bugzilla.redhat.com/show_bug.cgi?id=2160349 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0296 – openshift: etcd grpc-proxy vulnerable to The Birthday attack against 64-bit block cipher
https://notcve.org/view.php?id=CVE-2023-0296
17 Jan 2023 — The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grpc-proxy, hence this port might be considered as still vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), ther... • https://bugzilla.redhat.com/show_bug.cgi?id=2161287 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3259 – OpenShift: Missing HTTP Strict Transport Security
https://notcve.org/view.php?id=CVE-2022-3259
09 Dec 2022 — Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks. Openshift 4.9 no utiliza HTTP Strict Transport Security (HSTS), que puede permitir ataques de intermediario (MITM). Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include by... • https://bugzilla.redhat.com/show_bug.cgi?id=2103220 • CWE-665: Improper Initialization •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3260
https://notcve.org/view.php?id=CVE-2022-3260
08 Dec 2022 — The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. El encabezado de respuesta no ha habilitado X-FRAME-OPTIONS, lo que ayuda a prevenir ataques de Clickjacking. Algunos navegadores interpretarían estos resultados incorrectamente, permitiendo ataques de clickjacking. • https://bugzilla.redhat.com/show_bug.cgi?id=2106780 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3262
https://notcve.org/view.php?id=CVE-2022-3262
08 Dec 2022 — A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability. Se encontró un fallo en Openshift. Un pod con una política DNS de "ClusterFirst" puede resolver incorrectamente el nombre de host según un servicio proporcionado. • https://bugzilla.redhat.com/show_bug.cgi?id=2128858 • CWE-453: Insecure Default Variable Initialization CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-4047 – haproxy: Incomplete fix for CVE-2021-39242 in OpenShift 4.9
https://notcve.org/view.php?id=CVE-2021-4047
13 Dec 2021 — The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9. La versión de OpenShift 4.9.6, incluía cuatro correcciones de CVE para el paquete haproxy, sin embargo faltaba el parche para CVE-2021-39242. Este problema solo afecta a Red Hat OpenShift versión 4.9 The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This ... • https://bugzilla.redhat.com/show_bug.cgi?id=2027881 • CWE-20: Improper Input Validation •