Red Hat OpenShift Container Platform for LinuxONE 4.9

CPE Details

Red Hat OpenShift Container Platform for LinuxONE 4.9
redhat
openshift_container_platform_for_linuxone
4.9
2023-12-16
02h47 +00:00
2023-12-16
02h47 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

openshift_container_platform_for_linuxone

Version

4.9

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-8883 2024-09-19 15h48 +00:00 A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.
6.1
Medium
CVE-2024-4629 2024-09-03 19h42 +00:00 A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.
6.5
Medium
CVE-2023-6291 2024-01-26 14h23 +00:00 A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
7.1
High
CVE-2023-2585 2023-12-21 09h24 +00:00 Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client.
8.1
High
CVE-2022-4039 2023-09-22 14h00 +00:00 A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.
9.8
Critical
CVE-2022-3916 2023-09-20 14h28 +00:00 A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.
6.8
Medium
CVE-2023-1108 2023-09-14 14h48 +00:00 A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
7.5
High