Search for packages
| purl | pkg:rpm/redhat/openshift@4.14.0-202310210404.p0.gf67aeb3.assembly.stream?arch=el8 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5781-s1ny-q7ey
Aliases: CVE-2023-44487 GHSA-2m7v-gc89-fjqf GHSA-qppj-fm5r-hxr3 GHSA-vx74-f528-fxqg GHSA-xpw8-rcwv-8f8p GMS-2023-3377 VSV00013 |
There are no reported fixed by versions. | |
|
VCID-7359-arkb-zkg6
Aliases: CVE-2023-2728 GHSA-cgcv-5272-97pr |
Kubernetes mountable secrets policy bypass Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers. | There are no reported fixed by versions. |
|
VCID-9gyw-sc8g-q7a5
Aliases: CVE-2023-3089 |
openshift: OCP & FIPS mode | There are no reported fixed by versions. |
|
VCID-h7qt-3g1f-5ffr
Aliases: CVE-2023-39325 GHSA-4374-p667-p6c8 |
HTTP/2 rapid reset can cause excessive work in net/http A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function. | There are no reported fixed by versions. |
|
VCID-pqb1-j3ad-efam
Aliases: CVE-2023-2727 GHSA-qc2g-gmh6-95p4 |
kube-apiserver vulnerable to policy bypass Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers. | There are no reported fixed by versions. |
|
VCID-vz9b-19sj-cud3
Aliases: CVE-2023-37788 GHSA-4r8x-2p26-976p |
goproxy Denial of Service vulnerability goproxy prior to pseudoversion 0.0.0-20230731152917-f99041a5c027 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||