Red Hat OpenShift Container Platform vulnerabilities
296 known vulnerabilities affecting redhat/openshift_container_platform.
Total CVEs: 296
CISA KEV: 8 (actively exploited)
Public exploits: 23
Exploited in wild: 8
Severity breakdown: CRITICAL 38, HIGH 133, MEDIUM 118, LOW 7
Vulnerabilities
CVE-2022-27649 [HIGH] CVSS 7.5 | CWE-276 | v4.0 | 2022-04-04
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate
nvd
CVE-2021-20238 [LOW] CVSS 3.7 | CWE-287 | v4.0 | 2022-04-01
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint (port 22623) provides ignition configuration used for bootstrapping Nodes and can include some sensitive data, e.g. registry pull secrets. There are two scenarios whe
nvd
CVE-2021-3609 [HIGH] CVSS 7.0 | CWE-362 | v4.6, v4.7 +1 more | 2022-03-03
A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.
nvd
CVE-2022-0711 [HIGH] CVSS 7.5 | CWE-835 | v4.0 | 2022-03-02
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.
nvd
CVE-2021-3631 [MEDIUM] CVSS 6.3 | CWE-732 | v4.8 | 2022-03-02
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.
nvd
CVE-2021-3560 [HIGH] CVSS 7.8 | CWE-863 | KEV, PoC | v4.7 | 2022-02-16
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as
nvd
CVE-2022-0532 [MEDIUM] CVSS 4.2 | CWE-732 | v4.0 | 2022-02-09
An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.
nvd
CVE-2021-4104 [HIGH] CVSS 7.5 | CWE-502 | PoC | v4.6, v4.7 +1 more | 2021-12-14
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228.
nvd
CVE-2021-3529 [HIGH] CVSS 7.1 | CWE-79 | v4.0 | 2021-06-02
A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrary URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. T
nvd
CVE-2020-14336 [MEDIUM] CVSS 6.5 | CWE-770 | v3.11, v4.5.16 +2 more | 2021-06-02
A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability.
nvd
CVE-2020-10743 [MEDIUM] CVSS 4.3 | CWE-358 | v3.11.286, v4.6.1 | 2021-06-02
It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacking.
nvd
CVE-2021-20297 [MEDIUM] CVSS 5.5 | CWE-20 | v4.0 | 2021-05-26
A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability.
nvd
CVE-2020-27833 [HIGH] CVSS 7.1 | CWE-20 | ≤ 4.7 | 2021-05-14
A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first created pointing within the tarball, this allows furthe
nvd
CVE-2021-20291 [MEDIUM] CVSS 6.5 | CWE-667 | v4.0 | 2021-04-01
A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which neve
nvd
CVE-2019-19352 [HIGH] CVSS 7.0 | CWE-266 | v4.0 | 2021-03-24
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat OpenShift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
nvd
CVE-2019-19353 [HIGH] CVSS 7.0 | CWE-266 | v4.0 | 2021-03-24
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat OpenShift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
nvd
CVE-2019-19354 [HIGH] CVSS 7.8 | CWE-266 | ≥ 4.4, < 4.4.3 | 2021-03-24
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat OpenShift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
nvd
CVE-2021-20270 [HIGH] CVSS 7.5 | CWE-835 | v3.11, v4.0 | 2021-03-23
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
nvd
CVE-2019-10200 [HIGH] CVSS 7.2 | CWE-284 | v4.0, vOpenShift Container Platform 4 | 2021-03-19
A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS IAM role, allowing management access to AWS resources. Wi
nvd
CVE-2019-10225 [MEDIUM] CVSS 6.3 | CWE-522 | v3.11, v4.0 | 2021-03-19
A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RBAC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to authenticate to the GlusterFS REST service,
nvd