Red%20Hat%20Developer%20Hub Details

CVE-2025-8556

Assigner-Red Hat, Inc.

View Details

Assigner-Red Hat, Inc.

CVSS Score-3.7||LOW

EPSS-0.02% / 4.13%

||

7 Day CHG~0.00%

Published-06 Aug, 2025 | 08:48

Updated-06 Aug, 2025 | 20:24

Github.com/cloudflare/circl: circl-fourq: missing and wrong validation can lead to incorrect results

A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.

CWE ID-CWE-347

Improper Verification of Cryptographic Signature

CVE-2024-11831

Assigner-Red Hat, Inc.

View Details

Assigner-Red Hat, Inc.

CVSS Score-5.4||MEDIUM

EPSS-0.52% / 65.87%

||

7 Day CHG~0.00%

Published-10 Feb, 2025 | 15:27

Updated-20 Aug, 2025 | 22:34

Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.

Vendor-Red Hat, Inc.

Product-Red Hat OpenShift Container Platform 3.11 Red Hat Advanced Cluster Security 4.4 RHODF-4.18-RHEL-9 Logging Subsystem for Red Hat OpenShift Red Hat Ceph Storage 8 Red Hat Process Automation 7 RHODF-4.16-RHEL-9 Red Hat JBoss Enterprise Application Platform 7 OpenShift Service Mesh 2 Migration Toolkit for Virtualization Red Hat Fuse 7 OpenShift Lightspeed Red Hat Enterprise Linux 10 Red Hat Trusted Profile Analyzer Red Hat Discovery 1 Red Hat Quay 3 Red Hat Satellite 6 Cryostat 3 Red Hat OpenShift Dev Spaces Red Hat JBoss Enterprise Application Platform 8 RHODF-4.14-RHEL-9 Red Hat Ansible Automation Platform 2 Red Hat JBoss Enterprise Application Platform Expansion Pack Red Hat Data Grid 8 Red Hat Enterprise Linux 8 RHODF-4.15-RHEL-9 Red Hat Enterprise Linux 9 Red Hat 3scale API Management Platform 2 RHODF-4.17-RHEL-9 Red Hat Advanced Cluster Security 4.5 Red Hat build of OptaPlanner 8 Red Hat Developer Hub .NET 6.0 on Red Hat Enterprise Linux Red Hat OpenShift distributed tracing 3 Red Hat Single Sign-On 7 Red Hat OpenShift AI (RHOAI)Red Hat Advanced Cluster Management for Kubernetes 2 Red Hat OpenShift Container Platform 4 Red Hat Ceph Storage 7 OpenShift Serverless Red Hat build of Apicurio Registry 2 Red Hat build of Apache Camel - HawtIO 4 Red Hat Advanced Cluster Security 4 OpenShift Pipelines Red Hat Integration Camel K 1

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-6717

Assigner-Red Hat, Inc.

View Details

Assigner-Red Hat, Inc.

CVSS Score-6||MEDIUM

EPSS-0.07% / 20.46%

||

7 Day CHG~0.00%

Published-25 Apr, 2024 | 16:02

Updated-26 Aug, 2025 | 06:25

Keycloak: xss via assertion consumer service url in saml post-binding flow

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-1249

Assigner-Red Hat, Inc.

View Details

Assigner-Red Hat, Inc.

CVSS Score-7.4||HIGH

EPSS-0.13% / 33.32%

||

7 Day CHG~0.00%

Published-17 Apr, 2024 | 13:22

Updated-07 Aug, 2025 | 12:08

Keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkloginiframe leads to ddos

A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.

CWE ID-CWE-346

Origin Validation Error

CVE-2023-6944

Assigner-Red Hat, Inc.

View Details

Assigner-Red Hat, Inc.

CVSS Score-5.7||MEDIUM

EPSS-0.15% / 35.99%

||

7 Day CHG~0.00%

Published-04 Jan, 2024 | 10:02

Updated-17 Jun, 2025 | 20:29

Rhdh: catalog-import function leaks credentials to frontend

A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.

Vendor-Red Hat, Inc.The Linux Foundation

Product-backstage red_hat_developer_hub Red Hat Developer Hub

CWE ID-CWE-209

Generation of Error Message Containing Sensitive Information

Red Hat Developer Hub

Source -

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -