CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2023-6291 – Keycloak: redirect_uri validation bypass
https://notcve.org/view.php?id=CVE-2023-6291
26 Jan 2024 — A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. Se encontró un fallo en la lógica de validación de redirect_uri en Keycloak. Este problema puede permitir la omisión de hosts permitidos explícitamente. • https://access.redhat.com/errata/RHSA-2023:7854 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6476 – Cri-o: pods are able to break out of resource confinement on cgroupv2
https://notcve.org/view.php?id=CVE-2023-6476
09 Jan 2024 — A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node. Se encontró una falla en CRI-O que involucra una anotación experimental que lleva a que un contenedor no esté confinado. Esto puede permitir que un pod especifique y obtenga cualquier cantidad de memoria/CPU, eludiendo el programador de ... • https://access.redhat.com/errata/RHSA-2024:0195 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 1%CPEs: 15EXPL: 1CVE-2023-6134 – Keycloak: reflected xss via wildcard in oidc redirect_uri
https://notcve.org/view.php?id=CVE-2023-6134
14 Dec 2023 — A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748. Se encontró una falla en Keycloak que impide ciertos esquemas en las redirecciones, pero los permite si se agrega un comodín al token. Este problema podría permitir que un atacante envíe... • https://access.redhat.com/errata/RHSA-2023:7854 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.7EPSS: 1%CPEs: 15EXPL: 1CVE-2023-6563 – Keycloak: offline session token dos
https://notcve.org/view.php?id=CVE-2023-6563
14 Dec 2023 — An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system. Se descubrió una vulnerab... • https://access.redhat.com/errata/RHSA-2023:7854 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.3EPSS: 1%CPEs: 4EXPL: 0CVE-2023-5408 – Openshift: modification of node role labels
https://notcve.org/view.php?id=CVE-2023-5408
31 Oct 2023 — A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster. Se encontró una falla de escalada de privilegios en el complemento de admisión de restricción de nodos del servidor API de Kubernetes de OpenShift. Un atacante remoto que modifique la etiqueta de función del nod... • https://access.redhat.com/errata/RHSA-2023:5006 • CWE-269: Improper Privilege Management •
CVSS: 8.1EPSS: 4%CPEs: 18EXPL: 1CVE-2023-4853 – Quarkus: http security policy bypass
https://notcve.org/view.php?id=CVE-2023-4853
15 Sep 2023 — A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service. Se encontró una falla en Quarkus donde las políticas de seguridad HTTP no sanitiza correctamente ciertas permutaciones de caracteres al aceptar solicitudes, lo que res... • https://access.redhat.com/errata/RHSA-2023:5170 • CWE-148: Improper Neutralization of Input Leaders CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-4065 – Operator: plaintext password in operator log
https://notcve.org/view.php?id=CVE-2023-4065
24 Aug 2023 — A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions. Se encontró una falla en Red Hat AMQ Broker Operador, donde mostraba una contraseña definida en ActiveMQArtemisAddress CR, que se muestra en texto plano en el Registro del Operador. Esta falla permite que un atacante local autenticado acceda a informaci... • https://access.redhat.com/errata/RHSA-2023:4720 • CWE-117: Improper Output Neutralization for Logs CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-4066 – Operator: passwords defined in secrets shown in statefulset yaml
https://notcve.org/view.php?id=CVE-2023-4066
24 Aug 2023 — A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker. Se encontró una falla en AMQ Broker de Red Hat, que almacena ciertas contraseñas en un módulo secreto de propiedades de seguridad definido en ActivemqArtemisSecurity CR; sin embargo, se muestran en texto plano en el yaml de detalles de StatefulSet de AMQ Broker. Red Hat ... • https://access.redhat.com/errata/RHSA-2023:4720 • CWE-312: Cleartext Storage of Sensitive Information CWE-313: Cleartext Storage in a File or on Disk •
CVSS: 7.8EPSS: 6%CPEs: 18EXPL: 0CVE-2023-3223 – Undertow: outofmemoryerror due to @multipartconfig handling
https://notcve.org/view.php?id=CVE-2023-3223
08 Aug 2023 — A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null. Se encontró una falla en el undertow. • https://access.redhat.com/errata/RHSA-2023:4505 • CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 8.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-1260 – Kube-apiserver: privesc
https://notcve.org/view.php?id=CVE-2023-1260
12 Jul 2023 — An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod. Se descubrió una vulnerabilidad de omisión de autenticación en kube-apiserve... • https://access.redhat.com/errata/RHSA-2023:3976 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •