Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Red Hat OpenShift Dev Spaces (RHOSDS) 3.24

Source -

CNA

CNA CVEs -

2

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2025-12548
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-9||CRITICAL
EPSS-0.28% / 50.97%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 15:35
Updated-21 Jan, 2026 | 22:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Github.com/che-incubator/che-code: eclipse che — unauthenticated rce and secret exfiltration via tcp/3333

A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift Dev Spaces (RHOSDS) 3.23Red Hat OpenShift Dev Spaces (RHOSDS) 3.22Red Hat OpenShift Dev Spaces (RHOSDS) 3.24
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-9566
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-0.17% / 38.32%
||
7 Day CHG+0.02%
Published-05 Sep, 2025 | 19:54
Updated-09 Feb, 2026 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Podman: podman kube play command may overwrite host files

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift Container Platform 4.14Red Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4Red Hat OpenShift Container Platform 4.18Red Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat OpenShift Container Platform 4.12Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat OpenShift Container Platform 4.19Red Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat OpenShift Container Platform 4.17Red Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat OpenShift Container Platform 4.20Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat OpenShift Container Platform 4.13Red Hat OpenShift Container Platform 4.16Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9Red Hat OpenShift Dev Spaces (RHOSDS) 3.24
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')