Red Hat OpenShift Container Platform vulnerabilities

271 known vulnerabilities affecting redhat/openshift_container_platform.

Total CVEs: 271
CISA KEV: 7 (actively exploited)
Public exploits: 20
Exploited in wild: 8
Severity breakdown: CRITICAL 35, HIGH 124, MEDIUM 106, LOW 6

Vulnerabilities

Page 7 of 14
CVE-2021-20194 | HIGH | CVSS 7.8 | v4.4, v4.5 +1 more | 2021-02-23
CVE-2021-20194 [HIGH] CWE-20: There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y, CONFIG_BPF=y, CONFIG_CGROUPS=y, CONFIG_CGROUP_BPF=y, CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_get
nvd
CVE-2021-20188 | HIGH | CVSS 7.0 | v3.11 | 2021-02-11
CVE-2021-20188 [HIGH] CWE-863: A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the containe
nvd
CVE-2020-27846 | CRITICAL | CVSS 9.8 | v3.11, v4.0 | 2020-12-21
CVE-2020-27846 [CRITICAL] CWE-115: A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
nvd
CVE-2020-27781 | HIGH | CVSS 7.1 | v4.0 | 2020-12-18
CVE-2020-27781 [HIGH] CWE-522: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack proj
nvd
CVE-2020-27777 | MEDIUM | CVSS 6.7 | v4.4, v4.5 +1 more | 2020-12-15
CVE-2020-27777 [MEDIUM] CWE-862: A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.
nvd
CVE-2020-27786 | HIGH | CVSS 7.8 | v4.4, v4.5 +1 more | 2020-12-11
CVE-2020-27786 [HIGH] CWE-416: A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege e
nvd
CVE-2020-27816 | MEDIUM | CVSS 6.1 | v4.0 | 2020-12-02
CVE-2020-27816 [MEDIUM] CWE-601: The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana console) to different one, created based on the new CR for the new kibana resource. This could lead to an arbitrary URL redirection or the openshift-logging c
nvd
CVE-2020-10763 | MEDIUM | CVSS 5.5 | v4.0 | 2020-11-24
CVE-2020-10763 [MEDIUM] CWE-532: An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.
nvd
CVE-2020-25660 | HIGH | CVSS 8.8 | v4.0 | 2020-11-23
CVE-2020-25660 [HIGH]: A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by t
nvd
CVE-2020-14370 | MEDIUM | CVSS 5.3 | v4.6 | 2020-09-23
CVE-2020-14370 [MEDIUM] CWE-212: An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control ov
nvd
CVE-2020-15706 | MEDIUM | CVSS 6.4 | v4.0 | 2020-07-29
CVE-2020-15706 [MEDIUM] CWE-362: GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
nvd
CVE-2020-15707 | MEDIUM | CVSS 6.4 | v4.0 | 2020-07-29
CVE-2020-15707 [MEDIUM] CWE-362: Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command
nvd
CVE-2020-15705 | MEDIUM | CVSS 6.4 | v4.0 | 2020-07-29
CVE-2020-15705 [MEDIUM] CWE-347: GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions
nvd
CVE-2020-14298 | HIGH | CVSS 8.8 | ≥ 3.0, ≤ 3.7.61 | 2020-07-13
CVE-2020-14298 [HIGH]: The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. Th
nvd
CVE-2020-10752 | HIGH | CVSS 7.5 | v3.11, v4.0 | 2020-06-12
CVE-2020-10752 [HIGH] CWE-522: A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token.
nvd
CVE-2020-7013 | HIGH | CVSS 7.2 | v3.11, v4.0 | 2020-06-03
CVE-2020-7013 [HIGH] CWE-94: Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system.
nvd
CVE-2020-10749 | MEDIUM | CVSS 6.0 | v4.0 | 2020-06-03
CVE-2020-10749 [MEDIUM] CWE-300: A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the maliciou
nvd
CVE-2020-1741 | MEDIUM | CVSS 5.9 | v3.11 | 2020-04-24
CVE-2020-1741 [MEDIUM] CWE-185: A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the openshift console, could use this flaw to perform a phishing attack. The main threat from this vulnera
nvd
CVE-2020-1760 | MEDIUM | CVSS 6.1 | v4.2 | 2020-04-23
CVE-2020-1760 [MEDIUM] CWE-79: A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.
nvd
CVE-2020-10712 | HIGH | CVSS 8.2 | ≤ 4.1 | 2020-04-22
CVE-2020-10712 [HIGH] CWE-532: A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The highest threat from this vulnerability is to data integrity.
nvd