CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5037 – Openshift/telemeter: iss check during jwt authentication can be bypassed
https://notcve.org/view.php?id=CVE-2024-5037
05 Jun 2024 — A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication. Se encontró una falla en Telemeter de OpenShift. Si se cumplen ciertas condiciones, un atacante puede usar un token falsificado para evitar la verificación del problema ("iss") durante la autenticación del token web JSON (JWT). Red Hat OpenShift Container Platform release 4.16.1 is now available with updates to package... • https://access.redhat.com/errata/RHSA-2024:4151 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3248 – Openshift api admission checks does not enforce "custom-host" permissions
https://notcve.org/view.php?id=CVE-2022-3248
05 Oct 2023 — A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied. Se encontró una falla en la API de OpenShift, ya que las comprobaciones de admisión no aplican permisos de "custom-host". Este problema podría permitir que un atacante viole los límites, ya que no se aplicarán los permisos. • https://access.redhat.com/security/cve/CVE-2022-3248 • CWE-863: Incorrect Authorization •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-1632
https://notcve.org/view.php?id=CVE-2022-1632
01 Sep 2022 — An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality. Se ha encontrado un ataque de comprobación inapropiada de certificados en Openshift. Una ruta de re-encriptación con destinationCACertificate explícitamente establecido en el serviceCA por defecto omite... • https://bugzilla.redhat.com/show_bug.cgi?id=2081181 • CWE-295: Improper Certificate Validation •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0068
https://notcve.org/view.php?id=CVE-2014-0068
30 Jun 2022 — It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission. Se ha reportado que watchman en openshift node-utils crea /var/run/watchman.pid y /var/log/watchman.ouput con permiso de escritura mundial • https://bugzilla.redhat.com/show_bug.cgi?id=1064100 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.1EPSS: 0%CPEs: 17EXPL: 0CVE-2021-4048 – lapack: Out-of-bounds read in *larrv
https://notcve.org/view.php?id=CVE-2021-4048
08 Dec 2021 — An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory. Se ha encontrado un fallo de lectura fuera de límites en las funciones CLARRV, DLARRV, SLARRV y ZLARRV de lapack versiones hasta 3.10.0, usadas también en OpenBLAS versiones anteriores a 0.3.18. L... • https://github.com/JuliaLang/julia/issues/42415 • CWE-125: Out-of-bounds Read •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3636 – openshift: Injected service-ca.crt incorrectly contains additional internal CAs
https://notcve.org/view.php?id=CVE-2021-3636
28 Jul 2021 — It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service. Se ... • https://bugzilla.redhat.com/show_bug.cgi?id=1978621 • CWE-287: Improper Authentication CWE-295: Improper Certificate Validation •
CVSS: 7.0EPSS: 0%CPEs: 68EXPL: 1CVE-2021-3609 – kernel: race condition in net/can/bcm.c leads to local privilege escalation
https://notcve.org/view.php?id=CVE-2021-3609
23 Jun 2021 — .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. Se ha encontrado un fallo en el protocolo de red CAN BCM en el kernel de Linux, donde un atacante local puede abusar de un fallo en el subsistema CAN para corromper la memoria, bloquear el sistema o escalar privil... • https://bugzilla.redhat.com/show_bug.cgi?id=1971651 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3586 – servicemesh-operator: NetworkPolicy resources incorrectly specify ports for ingress resources
https://notcve.org/view.php?id=CVE-2021-3586
11 Jun 2021 — A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from any pod. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en servicemesh-operator. Los recursos NetworkPolicy instalados para Maistra no especifican correctamente a qué puertos pueden accederse, permitiendo el acceso a todos l... • https://access.redhat.com/security/cve/CVE-2021-3586 • CWE-305: Authentication Bypass by Primary Weakness CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35514
https://notcve.org/view.php?id=CVE-2020-35514
02 Jun 2021 — An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0... • https://bugzilla.redhat.com/show_bug.cgi?id=1914714 • CWE-266: Incorrect Privilege Assignment •