Red Hat Atomic-Openshift vulnerabilities
4 known vulnerabilities affecting red_hat/atomic-openshift.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 3
Vulnerabilities
CVE-2019-10225 | MEDIUM | CVSS 6.3 | CWE-522 | versions: atomic-openshift of openshift-4.2 | 2021-03-19
A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RBAC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey and use it to authenticate to the GlusterFS REST service, gaining access to read and modify files.
cvelistv5
CVE-2019-3884 | MEDIUM | CVSS 5.4 | CWE-290 | versions: 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 4.1 | 2019-08-01
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able to spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.
cvelistv5, nvd
CVE-2019-3889 | MEDIUM | CVSS 5.4 | CWE-79 | versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11 | 2019-07-11
A reflected XSS vulnerability exists in the authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. An attacker could use this flaw to steal authorization data by getting a user to click on a malicious link.
cvelistv5, nvd
CVE-2018-14632 | HIGH | CVSS 7.7 | CWE-787 | versions: atomic-openshift-3.7 | 2018-09-06
An out-of-bounds write can occur when patching an OpenShift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the OpenShift master API service, which provides cluster management.
cvelistv5, nvd