Red Hat Security Advisory: OpenShift Container Platform 4.10.51 security update
🔗 CVE IDs covered (23)
📋 Description
- CVE-2020-7692 — google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization
- CVE-2022-25857 — snakeyaml: Denial of Service due to missing nested depth limitation for collections
- CVE-2022-30946 — plugin: CSRF vulnerability in Script Security Plugin
- CVE-2022-30952 — plugin: User-scoped credentials exposed to other users by Pipeline SCM API for Blue Ocean Plugin
- CVE-2022-30953 — plugin: CSRF vulnerability in Blue Ocean Plugin
- CVE-2022-30954 — plugin: missing permission checks in Blue Ocean Plugin
- CVE-2022-36882 — jenkins-plugin: Cross-site Request Forgery (CSRF) in org.jenkins-ci.plugins:git
- CVE-2022-36883 — plugin: Lack of authentication mechanism in Git Plugin webhook
- CVE-2022-36884 — plugin: Lack of authentication mechanism in Git Plugin webhook
- CVE-2022-36885 — plugin: Non-constant time webhook signature comparison in GitHub Plugin
- CVE-2022-43401 — jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin
- CVE-2022-43402 — jenkins-plugin/workflow-cps: Sandbox bypass vulnerabilities in Pipeline: Groovy Plugin
- CVE-2022-43403 — jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin
- CVE-2022-43404 — jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin
- CVE-2022-43405 — jenkins-plugin/pipeline-groovy-lib: Sandbox bypass vulnerability in Pipeline: Groovy Libraries Plugin
- CVE-2022-43406 — jenkins-plugin/workflow-cps-global-lib: Sandbox bypass vulnerability in Pipeline: Deprecated Groovy Libraries Plugin
- CVE-2022-43407 — jenkins-plugin/pipeline-input-step: CSRF protection for any URL can be bypassed in Pipeline: Input Step Plugin
- CVE-2022-43408 — jenkins-plugin/pipeline-stage-view: CSRF protection for any URL can be bypassed in Pipeline: Stage View Plugin
- CVE-2022-43409 — jenkins-plugin/workflow-support: Stored XSS vulnerability in Pipeline: Supporting APIs Plugin
- CVE-2022-45047 — mina-sshd: Java unsafe deserialization vulnerability
- CVE-2022-45379 — jenkins-plugin/script-security: Whole-script approval in Script Security Plugin vulnerable to SHA-1 collisions
- CVE-2022-45380 — jenkins-plugin/JUnit: Stored XSS vulnerability in JUnit Plugin
- CVE-2022-45381 — jenkins-plugin/pipeline-utility-steps: Arbitrary file read vulnerability in Pipeline Utility Steps Plugin
🔗 References (26)
- self: https://access.redhat.com/errata/RHSA-2023:0560
- external: https://access.redhat.com/security/updates/classification/#critical
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1856376
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2116840
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2119643
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2119645
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2119646
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2119647
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2119656
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2119657
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2119658
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2126789
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2136370
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2136374
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2136379
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2136381
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2136382
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2136383
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2136386
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2136388
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2136391
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2143086
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2143089
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2143090
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2145194
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0560.json