Redhat Openshift Container Platform For Power — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Openshift Container Platform For Power, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2022-4361 — CVSS 10.0 (critical): Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC…
CVE-2024-1132 — CVSS 8.1 (high): A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to…
CVE-2022-4039 — CVSS 8.0 (high): A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface…
CVE-2022-4318 — CVSS 7.8 (high): A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted…
CVE-2025-13601 — CVSS 7.7 (high): A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string()…
CVE-2023-6563 — CVSS 7.7 (high): An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of…
CVE-2026-4424 — CVSS 7.5 (high): A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper…
CVE-2023-1108 — CVSS 7.5 (high): A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in…
CVE-2023-3223 — CVSS 7.5 (high): A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This…
CVE-2024-1635 — CVSS 7.5 (high): A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a…
CVE-2025-6021 — CVSS 7.5 (high): A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer…
CVE-2023-6291 — CVSS 7.1 (high): A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A…
CVE-2023-3089 — CVSS 7.0 (high): A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of…
CVE-2022-3916 — CVSS 6.8 (medium): A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are…
CVE-2024-4629 — CVSS 6.5 (medium): A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login…
CVE-2024-1725 — CVSS 6.5 (medium): A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an…
CVE-2024-9676 — CVSS 6.5 (medium): A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause…
CVE-2023-0056 — CVSS 6.5 (medium): An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an…
CVE-2024-8883 — CVSS 6.1 (medium): A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect…
CVE-2023-5625 — CVSS 5.3 (medium): A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch…
CVE-2023-6134 — CVSS 4.6 (medium): A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This…
CVE-2023-2585 — CVSS 3.5 (low): Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing…