VulnerableCode Package Details - pkg:rpm/redhat/openshift@4.13.0-202304211155.p0.gb404935.assembly.stream?arch=el8

Search for packages

Vulnerability	Summary	Fixed by
VCID-5kkq-5jpf-fqev Aliases: CVE-2022-41717 GHSA-xrjj-mj9h-534m	Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service.	There are no reported fixed by versions.
VCID-5q6k-7hu5-w3ez Aliases: CVE-2023-0229 GHSA-5465-xc2j-6p84	github.com/openshift/apiserver-library-go Improper Input Validation vulnerability A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify.	There are no reported fixed by versions.
VCID-pehm-pzkq-2bdf Aliases: CVE-2022-3259	OpenShift: Missing HTTP Strict Transport Security	There are no reported fixed by versions.
VCID-sdd3-35ng-g7a3 Aliases: CVE-2022-41723 GHSA-vvpx-j8f3-3w6h	golang.org/x/net vulnerable to Uncontrolled Resource Consumption A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-5kkq-5jpf-fqev
Aliases:
CVE-2022-41717
GHSA-xrjj-mj9h-534m

Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service.

There are no reported fixed by versions.

VCID-5q6k-7hu5-w3ez
Aliases:
CVE-2023-0229
GHSA-5465-xc2j-6p84

github.com/openshift/apiserver-library-go Improper Input Validation vulnerability A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify.

There are no reported fixed by versions.

VCID-pehm-pzkq-2bdf
Aliases:
CVE-2022-3259

OpenShift: Missing HTTP Strict Transport Security

There are no reported fixed by versions.

VCID-sdd3-35ng-g7a3
Aliases:
CVE-2022-41723
GHSA-vvpx-j8f3-3w6h

golang.org/x/net vulnerable to Uncontrolled Resource Consumption A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-02T17:23:21.181567+00:00	RedHat Importer	Affected by	VCID-sdd3-35ng-g7a3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41723.json	38.1.0
2026-04-01T13:58:03.739117+00:00	RedHat Importer	Affected by	VCID-pehm-pzkq-2bdf	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3259.json	38.0.0
2026-04-01T13:56:14.466449+00:00	RedHat Importer	Affected by	VCID-5kkq-5jpf-fqev	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41717.json	38.0.0
2026-04-01T13:55:51.822435+00:00	RedHat Importer	Affected by	VCID-5q6k-7hu5-w3ez	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0229.json	38.0.0
2026-04-01T13:55:15.413894+00:00	RedHat Importer	Affected by	VCID-sdd3-35ng-g7a3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41723.json	38.0.0