Redhat Openshift Container Platform vulnerabilities

CVE-2019-10356 [HIGH] CVE-2019-10356: A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the han A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.

CVE-2019-10355 [HIGH] CWE-704 CVE-2019-10355: A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the han A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts.

CVE-2019-10357 [MEDIUM] CWE-862 CVE-2019-10357: A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allo A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries.

CVE-2019-10165 [LOW] CWE-532 CVE-2019-10165: OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources.

CVE-2019-14379 [CRITICAL] CWE-1321 CVE-2019-14379: SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when eh SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

CVE-2019-1010238 [CRITICAL] CWE-787 CVE-2019-1010238: Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer ove Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to funct

CVE-2019-10354 [MEDIUM] CWE-862 CVE-2019-10354: A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earl A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.

CVE-2019-3889 [MEDIUM] CWE-79 CVE-2019-3889: A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. An attacker could use this flaw to steal authorization data by getting them to click on a malicious link.

CVE-2018-11307 [CRITICAL] CWE-502 CVE-2018-11307: An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default ty An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.

CVE-2019-10150 [MEDIUM] CWE-287 CVE-2019-10150: It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output.

CVE-2019-2698 [HIGH] CVE-2019-2698: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This

CVE-2019-2602 [HIGH] CWE-400 CVE-2019-2602: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries) Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.

CVE-2019-2684 [MEDIUM] CVE-2019-2684: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supp Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful

CVE-2019-3899 [CRITICAL] CWE-592 CVE-2019-3899: It was found that default configuration of Heketi does not require any authentication potentially ex It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift Container Platform 3.11.

CVE-2019-11244 [MEDIUM] CWE-524 CVE-2019-11244: In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache- In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups

CVE-2019-1003049 [HIGH] CVE-2019-1003049: Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches.

CVE-2019-1003050 [MEDIUM] CWE-79 CVE-2019-1003050: The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.1 The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names.

CVE-2019-0211 [HIGH] CWE-416 CVE-2019-0211: In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executi In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are

CVE-2019-3876 [MEDIUM] CWE-352 CVE-2019-3876: A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction of these tokens.

CVE-2019-1002100 [MEDIUM] CWE-770 CVE-2019-1002100: In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a