CPE Details
Red Hat OpenShift Container Platform for IBM Z 4.9
4.9
2023-12-16
02h47 +00:00
02h47 +00:00
2023-12-16
02h47 +00:00
02h47 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.9:*:*:*:*:*:*:*
Informations
Vendor
redhatProduct
openshift_container_platform_for_ibm_zVersion
4.9Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking. | 6.1 |
Medium |
||
| A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. | 7.1 |
High |
||
| Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client. | 8.1 |
High |
||
| A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration. | 9.8 |
Critical |
