Redhat: Security Vulnerabilities
A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. This flaw allows an attacker with sufficient privileges to read the log file, leading to confidentiality loss.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-10-19
The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-10-19
In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-10-19
3scale API Management 2 does not perform adequate sanitization of user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks.
CVSS Score
8.8
EPSS Score
0.005
Published
2022-10-19
A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-10-17
An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject" and later deletes it, another user can then create a project called "MyProject" and access the metrics stored from the original "MyProject" instance.
CVSS Score
3.5
EPSS Score
0.002
Published
2022-10-17
A flaw was found in the RHDM, where sensitive HTML form fields like Password have auto-complete enabled, which may lead to a leak of credentials.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-10-17
A vulnerability was found in jasper. It is caused by a memory leak bug in the function cmdopts_parse that can cause a crash or segmentation fault.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-10-14
A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.
CVSS Score
6.5
EPSS Score
0.004
Published
2022-10-14
Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-10-07

