SB2025120353 - Multiple vulnerabilities in Red Hat OpenShift Data Foundation 4.14
Published: December 3, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2022-0155)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.
2) Information disclosure (CVE-ID: CVE-2022-0536)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.
3) Inefficient regular expression complexity (CVE-ID: CVE-2025-5889)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions. A remote user can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
4) Incorrect default permissions (CVE-ID: CVE-2025-7195)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due the user_setup script set insecure permissions for the /etc/passwd file. A local user with ability to execute commands within an affected container can escalate privileges on the system.
Remediation
Install update from vendor's website.