Redhat Openshift vulnerabilities

CVE-2021-3696 [MEDIUM] CWE-787 CVE-2021-3696: A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitr

CVE-2021-4047 [HIGH] CVE-2021-4047: The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch fo The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9.

CVE-2021-3636 [MEDIUM] CWE-295 CVE-2021-3636: It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Ser It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclus

CVE-2020-35514 [HIGH] CWE-266 CVE-2020-35514: An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This fl An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is

CVE-2020-14336 [MEDIUM] CWE-770 CVE-2020-14336: A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability.

CVE-2020-1761 [MEDIUM] CWE-358 CVE-2020-1761: A flaw was found in the OpenShift web console, where the access token is stored in the browser's loc A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versions before openshift/console-4.

CVE-2019-19350 [HIGH] CWE-266 CVE-2019-19350: An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-se An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

CVE-2019-19349 [HIGH] CWE-266 CVE-2019-19349: An insecure modification vulnerability in the /etc/passwd file was found in the container operator-f An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

CVE-2019-10225 [MEDIUM] CWE-522 CVE-2019-10225: A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Co A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to authenticate to the GlusterFS REST service,

CVE-2021-20182 [HIGH] CWE-552 CVE-2021-20182: A privilege escalation flaw was found in openshift4/ose-docker-builder A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the underlying node, such as the network and storage devices, to at least escalate their privileges to that of the

CVE-2020-10715 [MEDIUM] CWE-20 CVE-2020-10715: A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows a A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate.

CVE-2020-1759 [MEDIUM] CWE-323 CVE-2020-1759: A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 wher A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a

CVE-2019-19348 [HIGH] CWE-266 CVE-2019-19348: An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/ An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

CVE-2019-19346 [HIGH] CWE-266 CVE-2019-19346: An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/ An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

CVE-2020-1707 [HIGH] CWE-732 CVE-2020-1707: A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an in A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

CVE-2019-19345 [HIGH] CWE-266 CVE-2019-19345: A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an ins A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

CVE-2020-1709 [HIGH] CWE-732 CVE-2020-1709: A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecur A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

CVE-2019-19355 [HIGH] CWE-266 CVE-2019-19355: An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-releas An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4.

CVE-2019-19351 [HIGH] CWE-266 CVE-2019-19351: An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/ An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11.

CVE-2019-19335 [MEDIUM] CWE-732 CVE-2019-19335: During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned word-readable permissions. ose-installer as shipped in Openshift 4.2 is vu