Red Hat Openshift Data Foundation
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Red Hat Openshift Data Foundation.
Recent Red Hat Openshift Data Foundation Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2026:2172 | (RHSA-2026:2172) Red Hat OpenShift Data Foundation 4.15 security, enhancement & bug fix update | February 5, 2026 |
| RHSA-2026:2164 | (RHSA-2026:2164) Red Hat OpenShift Data Foundation 4.16 security, enhancement & bug fix update | February 5, 2026 |
| RHSA-2026:2155 | (RHSA-2026:2155) Red Hat OpenShift Data Foundation 4.17 security, enhancement & bug fix update | February 5, 2026 |
| RHSA-2026:2034 | (RHSA-2026:2034) Red Hat OpenShift Data Foundation 4.20 security, enhancement & bug fix update | February 5, 2026 |
| RHSA-2025:23916 | (RHSA-2025:23916) Red Hat OpenShift Data Foundation 4.18 security, enhancement & bug fix update | December 22, 2025 |
| RHSA-2025:22420 | (RHSA-2025:22420) Red Hat OpenShift Data Foundation 4.14 security, enhancement & bug fix update | December 1, 2025 |
| RHSA-2025:22418 | (RHSA-2025:22418) Red Hat OpenShift Data Foundation 4.15 security, enhancement & bug fix update | December 1, 2025 |
| RHSA-2025:22416 | (RHSA-2025:22416) Red Hat OpenShift Data Foundation 4.16 security, enhancement & bug fix update | December 1, 2025 |
| RHSA-2025:22415 | (RHSA-2025:22415) Red Hat OpenShift Data Foundation 4.17 security, enhancement & bug fix update | December 1, 2025 |
| RHSA-2025:21704 | (RHSA-2025:21704) Red Hat OpenShift Data Foundation 4.20 security, enhancement & bug fix update | November 18, 2025 |
By the Year
In 2026 there have been 1 vulnerability in Red Hat Openshift Data Foundation with an average score of 6.4 out of ten. Last year, in 2025 Openshift Data Foundation had 2 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Openshift Data Foundation in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.50.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 6.40 |
| 2025 | 2 | 5.90 |
| 2024 | 6 | 6.67 |
| 2023 | 2 | 5.90 |
| 2022 | 1 | 0.00 |
| 2021 | 1 | 9.10 |
It may take a day or so for new Openshift Data Foundation vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Openshift Data Foundation Security Vulnerabilities
RedHat Multi-Cloud Object Gateway Core PrivEsc via /etc/passwd
CVE-2025-8766
6.4 - Medium
- March 13, 2026
A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container
Incorrect Default Permissions
Operator SDK <0.15.2 RCE via insecure user_setup /etc/passwd
CVE-2025-7195
6.4 - Medium
- August 07, 2025
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Incorrect Default Permissions
serialize-javascript XSS via unsanitized regex input
CVE-2024-11831
5.4 - Medium
- February 10, 2025
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
XSS
cert-manager: Denial of Service via Malicious PEM Data
CVE-2024-12401
4.4 - Medium
- December 12, 2024
A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.
Improper Input Validation
Uninitialized Buffer in Go FIPS OpenSSL May Cause False HMAC Match
CVE-2024-9355
6.5 - Medium
- October 01, 2024
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
Use of Uninitialized Variable
Privileged Container Exec via RBAC in Submariner (CVE-2024-5042)
CVE-2024-5042
6.6 - Medium
- May 17, 2024
A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.
Execution with Unnecessary Privileges
Memory Leak in Go RSA (golang-fips/openssl) Leads to Resource Exhaustion
CVE-2024-1394
7.5 - High
- March 21, 2024
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.
Memory Leak
GnuTLS: DoS via Faulty Certificate Chain Validation in Cockpit
CVE-2024-0567
7.5 - High
- January 16, 2024
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
Improper Verification of Cryptographic Signature
GnuTLS timing attack via RSA-PSK ClientKeyExchange (CVE-2024-0553)
CVE-2024-0553
7.5 - High
- January 16, 2024
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
Side Channel Attack
OpenSSH <9.6 BPP handshake flaw allows integrity bypass (Terrapin attack)
CVE-2023-48795
5.9 - Medium
- December 18, 2023
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
Improper Validation of Integrity Check Value
OpenSSL RSA-PSK ClientKeyExchange timing side channel
CVE-2023-5981
5.9 - Medium
- November 28, 2023
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
Side Channel Attack
Key-Length Flaw in RHEL Ceph Storage Encrypts Disk with Weak Keys
CVE-2021-3979
- August 25, 2022
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.
Use of a Broken or Risky Cryptographic Algorithm
An out-of-bounds read flaw was found in the CLARRV
CVE-2021-4048
9.1 - Critical
- December 08, 2021
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
Out-of-bounds Read
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Openshift Data Foundation or by Red Hat? Click the Watch button to subscribe.
