Red Hat Cryostat
Recent Red Hat Cryostat Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2026:1845 | (RHSA-2026:1845) Important: Red Hat build of Cryostat security update | February 3, 2026 |
| RHSA-2026:0761 | (RHSA-2026:0761) Important: Red Hat build of Cryostat security update | January 19, 2026 |
| RHSA-2025:21148 | (RHSA-2025:21148) Moderate: Red Hat build of Cryostat 4.1.0: new RHEL 9 container image security update | November 25, 2025 |
| RHSA-2025:17376 | (RHSA-2025:17376) Important: Red Hat build of Cryostat 4.0.3: new RHEL 9 container image security update | October 6, 2025 |
| RHSA-2025:14919 | (RHSA-2025:14919) Important: Red Hat build of Cryostat 4.0.2: new RHEL 9 container image security update | September 3, 2025 |
| RHSA-2025:10323 | (RHSA-2025:10323) Important: Red Hat build of Cryostat security update | July 3, 2025 |
| RHSA-2025:8265 | (RHSA-2025:8265) Important: Red Hat build of Cryostat 4.0.1: new RHEL 9 container image security update | June 5, 2025 |
| RHSA-2025:3503 | (RHSA-2025:3503) Important: Red Hat build of Cryostat security update | April 2, 2025 |
| RHSA-2025:0224 | (RHSA-2025:0224) Important: Red Hat build of Cryostat security update | January 9, 2025 |
| RHSA-2024:8329 | (RHSA-2024:8329) Important: Red Hat build of Cryostat security update | October 22, 2024 |
By the Year
In 2026 there have been 0 vulnerabilities in Red Hat Cryostat. Last year, in 2025, Cryostat had 2 security vulnerabilities published. Right now, Cryostat is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 5.65 |
| 2024 | 5 | 6.04 |
| 2023 | 2 | 6.70 |
It may take a day or so for new Cryostat vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Cryostat Security Vulnerabilities
Cryostat HTTP API binds to all interfaces, enabling external access
CVE-2025-8415
5.9 - Medium
- August 20, 2025
A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, which may make the API port externally visible and reachable if Network Policies are disabled, allowing an unauthenticated, malicious attacker to jeopardize the environment.
Authentication Bypass by Alternate Name
serialize-javascript XSS via unsanitized regex input
CVE-2024-11831
5.4 - Medium
- February 10, 2025
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
XSS
Quarkus-HTTP Cookie Parsing Vulnerability
CVE-2024-12397
7.4 - High
- December 12, 2024
A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.
HTTP Request Smuggling
cert-manager: Denial of Service via Malicious PEM Data
CVE-2024-12401
4.4 - Medium
- December 12, 2024
A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.
Improper Input Validation
Quarkus JAX-RS Auth Bypass via Abstract Class Methods
CVE-2023-5675
6.5 - Medium
- April 25, 2024
A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in an abstract Java class, or customized by Quarkus extensions using the annotation processor, the authorization of these methods will not be enforced even if it is enabled by either the 'quarkus.security.jaxrs.deny-unannotated-endpoints' or the 'quarkus.security.jaxrs.default-roles-allowed' property.
AuthZ
Memory Leak in Eclipse Vert.x TCP TLS Server via Fake SNI
CVE-2024-1300
5.4 - Medium
- April 02, 2024
A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When an unknown SNI server name is processed and assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.
Memory Leak
Vert.x HTTP Client Memory Leak via Netty FastThreadLocal
CVE-2024-1023
6.5 - Medium
- March 27, 2024
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to the use of Netty FastThreadLocal data structures. Specifically, the leak is triggered when the Vert.x HTTP client establishes connections to different hosts. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server that connects to arbitrary internet addresses supplied to it could serve as an attack vector, since each new address accelerates the memory leak.
Memory Leak
DNSSEC Signature Skipping in systemd-resolved Allows MITM (CVE-2023-7008)
CVE-2023-7008
5.9 - Medium
- December 23, 2023
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.
Man-in-the-Middle / MITM
HTTP/2 DoS via Stream Reset in nginx
CVE-2023-44487
7.5 - High
- October 10, 2023
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Resource Exhaustion