Redhat: >> Openshift Container Platform For Linuxone Security Vulnerabilities
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.
CVSS Score
6.8
EPSS Score
0.002
Published
2023-09-20
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
CVSS Score
7.5
EPSS Score
0.048
Published
2023-09-14
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
CVSS Score
7.0
EPSS Score
0.001
Published
2023-07-05
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.
CVSS Score
7.5
EPSS Score
0.04
Published
2020-02-12
Page 2