Red Hat OpenShift Container Platform vulnerabilities

271 known vulnerabilities affecting redhat/openshift_container_platform.

Total CVEs: 271
CISA KEV: 7 (actively exploited)
Public exploits: 20
Exploited in wild: 8
Severity breakdown: CRITICAL 35, HIGH 124, MEDIUM 106, LOW 6

Vulnerabilities

Page 8 of 14
CVE-2020-11100 | HIGH | CVSS 8.8 | v3.11, v4.0 | 2020-04-02
CVE-2020-11100 [HIGH] CWE-787: In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
nvd
CVE-2020-1712 | HIGH | CVSS 7.8 | v4.0 | 2020-03-31
CVE-2020-1712 [HIGH] CWE-416: A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
nvd
CVE-2020-10696 | HIGH | CVSS 8.8 | v3.11 | 2020-03-31
CVE-2020-10696 [HIGH] CWE-22: A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
nvd
CVE-2020-1706 | HIGH | CVSS 7.0 | v3.11, v4.1, +2 more | 2020-03-09
CVE-2020-1706 [HIGH] CWE-732: It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privil
nvd
CVE-2019-14892 | CRITICAL | CVSS 9.8 | v4.3 | 2020-03-02
CVE-2019-14892 [CRITICAL] CWE-200: A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
nvd
CVE-2020-8945 | HIGH | CVSS 7.5 | v3.11, v4.1, +4 more | 2020-02-12
CVE-2020-8945 [HIGH] CWE-416: The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.
nvd
CVE-2019-19921 | HIGH | CVSS 7.0 | v4.1, v4.2 | 2020-02-12
CVE-2019-19921 [HIGH] CWE-706: runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that hap
nvd
CVE-2020-1726 | MEDIUM | CVSS 5.9 | v4.3 | 2020-02-11
CVE-2020-1726 [MEDIUM] CWE-552: A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite fil
nvd
CVE-2020-1708 | HIGH | CVSS 7.0 | v3.11, v4.1, +2 more | 2020-02-07
CVE-2020-1708 [HIGH] CWE-266: It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their
nvd
CVE-2019-14819 | HIGH | CVSS 8.8 | v3.10, v3.11 | 2020-01-07
CVE-2019-14819 [HIGH] CWE-266: A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints.
nvd
CVE-2019-14854 | MEDIUM | CVSS 6.5 | v4.1, v4.2 | 2020-01-07
CVE-2019-14854 [MEDIUM] CWE-117: OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user.
nvd
CVE-2019-13734 | HIGH | CVSS 8.8 | v3.11, v4.2 | 2019-12-10
CVE-2019-13734 [HIGH] CWE-787: Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-11255 | MEDIUM | CVSS 6.5 | v3.11, v4.1, +1 more | 2019-12-05
CVE-2019-11255 [MEDIUM] CWE-20: Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and re
nvd
CVE-2019-10214 | MEDIUM | CVSS 5.9 | v4.1 | 2019-11-25
CVE-2019-10214 [MEDIUM] CWE-522: The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer
nvd
CVE-2019-10213 | MEDIUM | CVSS 6.5 | v4.1, v4.2 | 2019-11-25
CVE-2019-10213 [MEDIUM] CWE-117: OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user.
nvd
CVE-2019-14891 | MEDIUM | CVSS 5.0 | v3.11, v4.1, +1 more | 2019-11-25
CVE-2019-14891 [MEDIUM] CWE-460: A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on a cri-o host.
nvd
CVE-2018-12207 | MEDIUM | CVSS 6.5 | v4.1, v4.2 | 2019-11-14
CVE-2018-12207 [MEDIUM] CWE-20: Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.
nvd
CVE-2019-10223 | MEDIUM | CVSS 6.5 | v3.11, v4.1, +1 more | 2019-11-05
CVE-2019-10223 [MEDIUM] CWE-200: A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of the default `kubectl` behavior and this new feature c
nvd
CVE-2019-11253 | HIGH | CVSS 7.5 | PoC | v3.9, v3.10, +1 more | 2019-10-17
CVE-2019-11253 [HIGH] CWE-20: Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy author
nvd
CVE-2019-14287 | HIGH | CVSS 8.8 | PoC | v4.1 | 2019-10-17
CVE-2019-14287 [HIGH] CWE-755: In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
nvd