Red Hat OpenShift Container Platform vulnerabilities

271 known vulnerabilities affecting redhat/openshift_container_platform.

Total CVEs: 271
CISA KEV: 7 (actively exploited)
Public exploits: 20
Exploited in wild: 8
Severity breakdown: CRITICAL 35, HIGH 124, MEDIUM 106, LOW 6

Vulnerabilities

Page 6 of 14
CVE-2021-3560 | HIGH | CVSS 7.8 | KEV | PoC | v4.7 | 2022-02-16
CWE-863: It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as
nvd
CVE-2022-0532 | MEDIUM | CVSS 4.2 | v4.0 | 2022-02-09
CWE-732: An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.
nvd
CVE-2021-4104 | HIGH | CVSS 7.5 | v4.6, v4.7, +1 more | 2021-12-14
CWE-502: JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228.
nvd
CVE-2021-3529 | HIGH | CVSS 7.1 | v4.0 | 2021-06-02
CWE-79: A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrary URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. T
nvd
CVE-2020-14336 | MEDIUM | CVSS 6.5 | v3.11, v4.5.16, +2 more | 2021-06-02
CWE-770: A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability.
nvd
CVE-2020-10743 | MEDIUM | CVSS 4.3 | v3.11.286, v4.6.1 | 2021-06-02
CWE-358: It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacking.
nvd
CVE-2021-20297 | MEDIUM | CVSS 5.5 | v4.0 | 2021-05-26
CWE-20: A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability.
nvd
CVE-2020-27833 | HIGH | CVSS 7.1 | ≤ 4.7 | 2021-05-14
CWE-20: A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first created pointing within the tarball, this allows furthe
nvd
CVE-2021-20291 | MEDIUM | CVSS 6.5 | v4.0 | 2021-04-01
CWE-667: A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which neve
nvd
CVE-2019-19352 | HIGH | CVSS 7.0 | v4.0 | 2021-03-24
CWE-266: An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat OpenShift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
nvd
CVE-2019-19353 | HIGH | CVSS 7.0 | v4.0 | 2021-03-24
CWE-266: An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat OpenShift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
nvd
CVE-2019-19354 | HIGH | CVSS 7.8 | ≥ 4.4, < 4.4.3 | 2021-03-24
CWE-266: An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat OpenShift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
nvd
CVE-2021-20270 | HIGH | CVSS 7.5 | v3.11, v4.0 | 2021-03-23
CWE-835: An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
nvd
CVE-2019-10200 | HIGH | CVSS 7.2 | v4.0, vOpenShift Container Platform 4 | 2021-03-19
CWE-284: A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS IAM role, allowing management access to AWS resources. Wi
cvelistv5, nvd
CVE-2019-10225 | MEDIUM | CVSS 6.3 | v3.11, v4.0 | 2021-03-19
CWE-522: A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RBAC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to authenticate to the GlusterFS REST service,
nvd
CVE-2020-27827 | HIGH | CVSS 7.5 | v4.0 | 2021-03-18
CWE-400: A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
nvd
CVE-2021-20218 | HIGH | CVSS 7.4 | v3.11 | 2021-03-16
CWE-22: A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes
nvd
CVE-2021-3344 | HIGH | CVSS 8.8 | ≥ 4.5, < 4.5.33; ≥ 4.6, < 4.6.16 | 2021-03-16
CWE-522: A privilege escalation flaw was found in OpenShift builder. During build time, credentials outside the build context are automatically mounted into the container image under construction. An OpenShift user, able to execute code during build time inside this container can re-use the credentials to overwrite arbitrary container images in internal registri
nvd
CVE-2020-25639 | MEDIUM | CVSS 4.4 | v4.4, v4.5, +1 more | 2021-03-04
CWE-476: A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system.
nvd
CVE-2021-20182 | HIGH | CVSS 8.8 | ≥ 4.4, < 4.4.33; ≥ 4.5, < 4.5.30; +2 more | 2021-02-23
CWE-552: A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the underlying node, such as the network and storage devices, to at least escalate th
nvd