Redhat OpenShift Container Platform 4.8

CPE Details

Redhat OpenShift Container Platform 4.8
redhat
openshift_container_platform
4.8
2021-12-16
19h56 +00:00
2022-01-04
14h18 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:redhat:openshift_container_platform:4.8:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

openshift_container_platform

Version

4.8

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-1677 2022-09-01 17h51 +00:00 In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control.
6.3
Medium
CVE-2021-3827 2022-08-23 13h52 +00:00 A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity.
6.8
Medium
CVE-2021-3609 2022-03-03 17h24 +00:00 .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.
7
High
CVE-2021-3631 2022-03-01 23h00 +00:00 A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.
6.3
Medium
CVE-2021-4104 2021-12-13 23h00 +00:00 JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
7.5
High