Redhat Openshift Container Platform vulnerabilities

CVE-2020-27827 [HIGH] CWE-400 CVE-2020-27827: A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memor A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

CVE-2021-20218 [HIGH] CWE-22 CVE-2021-20218: A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a mal A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes

CVE-2021-3344 [HIGH] CWE-522 CVE-2021-3344: A privilege escalation flaw was found in OpenShift builder. During build time, credentials outside t A privilege escalation flaw was found in OpenShift builder. During build time, credentials outside the build context are automatically mounted into the container image under construction. An OpenShift user, able to execute code during build time inside this container can re-use the credentials to overwrite arbitrary container images in internal registri

CVE-2020-25639 [MEDIUM] CWE-476 CVE-2020-25639: A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system.

CVE-2021-20182 [HIGH] CWE-552 CVE-2021-20182: A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs wit A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the underlying node, such as the network and storage devices, to at least escalate th

CVE-2021-20194 [HIGH] CWE-20 CVE-2021-20194: There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with confi There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_get

CVE-2021-20188 [HIGH] CWE-863 CVE-2021-20188: A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the containe

CVE-2020-27846 [CRITICAL] CWE-115 CVE-2020-27846: A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypas A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVE-2020-27781 [HIGH] CWE-522 CVE-2020-27781: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resul User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack proj

CVE-2020-27777 [MEDIUM] CWE-862 CVE-2020-27777: A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.

CVE-2020-27786 [HIGH] CWE-416 CVE-2020-27786: A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local accoun A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege e

CVE-2020-27816 [MEDIUM] CWE-601 CVE-2020-27816: The elasticsearch-operator does not validate the namespace where kibana logging resource is created The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana console) to different one, created based on the new CR for the new kibana resource. This could lead to an arbitrary URL redirection or the openshift-logging c

CVE-2020-10763 [MEDIUM] CWE-532 CVE-2020-10763: An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.

CVE-2020-25660 [HIGH] CVE-2020-25660: A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by t

CVE-2020-14370 [MEDIUM] CWE-212 CVE-2020-14370: An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. Whe An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control ov

CVE-2020-15706 [MEDIUM] CWE-362 CVE-2020-15706: GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnera GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.

CVE-2020-15707 [MEDIUM] CWE-362 CVE-2020-15707: Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efili Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command

CVE-2020-15705 [MEDIUM] CWE-347 CVE-2020-15705: GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions

CVE-2020-14298 [HIGH] CVE-2020-14298: The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. Th

CVE-2020-10752 [HIGH] CWE-522 CVE-2020-10752: A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token.