All the vulnerabilites related to Red Hat - Red Hat OpenShift Container Platform 4
cve-2023-3153
Vulnerability from cvelistv5
Published
2023-10-04 11:13
Modified
2024-09-19 14:25
Severity ?
EPSS score ?
Summary
A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | n/a | ovn | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:48:07.672Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-3153" }, { "name": "RHBZ#2213279", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213279" }, { "tags": [ "x_transferred" ], "url": "https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd" }, { "tags": [ "x_transferred" ], "url": "https://github.com/ovn-org/ovn/issues/198" }, { "tags": [ "x_transferred" ], "url": "https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html" }, { "tags": [ "x_transferred" ], "url": "https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-3153", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-19T14:24:33.931307Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-19T14:25:08.613Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "ovn", "vendor": "n/a", "versions": [ { "status": "unaffected", "version": "22.12.1" }, { "status": "unaffected", "version": "22.03.3" }, { "status": "unaffected", "version": "23.06.1" }, { "status": "unaffected", "version": "23.03.1" }, { "status": "unaffected", "version": "22.09.2" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn2.11", "product": "Fast Datapath for RHEL 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn2.12", "product": "Fast Datapath for RHEL 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn2.13", "product": "Fast Datapath for RHEL 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn-2021", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn2.11", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn2.12", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn2.13", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn22.03", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn22.06", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn22.09", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn22.12", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn-2021", "product": "Fast Datapath for RHEL 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn22.03", "product": "Fast Datapath for RHEL 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn22.06", "product": "Fast Datapath for RHEL 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn22.09", "product": "Fast Datapath for RHEL 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn22.12", "product": "Fast Datapath for RHEL 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "ovn-2021", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "ovn21.09", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "ovn21.12", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "ovn22.03", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "ovn22.06", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "ovn22.09", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "ovn22.12", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "ovn23.03", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:13" ], "defaultStatus": "unknown", "packageName": "ovn2.11", "product": "Red Hat OpenStack Platform 13 (Queens)", "vendor": "Red Hat" }, { "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "affected", "packageName": "ovn", "product": "Fedora", "vendor": "Fedora" } ], "credits": [ { "lang": "en", "value": "This issue was discovered by Ales Musil (Red Hat)." } ], "datePublic": "2023-06-07T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-04T11:13:40.083Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-3153" }, { "name": "RHBZ#2213279", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213279" }, { "url": "https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd" }, { "url": "https://github.com/ovn-org/ovn/issues/198" }, { "url": "https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html" }, { "url": "https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html" } ], "timeline": [ { "lang": "en", "time": "2023-06-07T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-06-07T00:00:00+00:00", "value": "Made public." } ], "title": "Service monitor mac flow is not rate limited", "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-3153", "datePublished": "2023-10-04T11:13:40.083Z", "dateReserved": "2023-06-07T18:04:42.140Z", "dateUpdated": "2024-09-19T14:25:08.613Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0793
Vulnerability from cvelistv5
Published
2024-11-17 10:45
Modified
2024-11-17 16:16
Severity ?
EPSS score ?
Summary
A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:0741 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1267 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-0793 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2214402 | issue-tracking, x_refsource_REDHAT | |
https://github.com/openshift/kubernetes/pull/1876 |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-0793", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-17T16:16:32.204219Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-17T16:16:49.847Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/kubernetes", "defaultStatus": "unaffected", "packageName": "kube-controller-manager", "versions": [ { "lessThan": "1.27", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "baremetal-machine-controller-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "cluster-etcd-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "cluster-monitoring-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "cluster-network-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "cluster-node-tuning-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "cluster-version-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "configmap-reload-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "coredns-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "csi-attacher-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "csi-driver-manila-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "csi-driver-manila-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "csi-driver-nfs-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "csi-livenessprobe-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "csi-node-driver-registrar-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "csi-provisioner-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "driver-toolkit-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ibm-vpc-node-label-updater-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ironic-rhcos-downloader-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "kube-proxy-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "kube-rbac-proxy-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "kube-state-metrics-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "marketplace-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "multus-cni-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "oauth-server-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "oc-mirror-plugin-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "openshift-enterprise-cli-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "openshift-enterprise-console-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "openshift-enterprise-console-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "openshift-enterprise-deployer-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "openshift-enterprise-haproxy-router-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "openshift-enterprise-hyperkube-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "openshift-enterprise-keepalived-ipfailover-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "openshift-enterprise-pod-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "openshift-enterprise-registry-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "openshift-enterprise-tests-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "openshift-state-metrics-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "operator-lifecycle-manager-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "operator-registry-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-agent-installer-api-server-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-agent-installer-csr-approver-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-agent-installer-node-agent-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-agent-installer-orchestrator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-alibaba-cloud-controller-manager-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-alibaba-cloud-csi-driver-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-alibaba-disk-csi-driver-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-alibaba-machine-controllers-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-apiserver-network-proxy-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-aws-cloud-controller-manager-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-aws-cluster-api-controllers-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-aws-ebs-csi-driver-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-aws-ebs-csi-driver-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-aws-pod-identity-webhook-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-azure-cloud-controller-manager-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-azure-cloud-node-manager-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-azure-cluster-api-controllers-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-azure-disk-csi-driver-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-azure-disk-csi-driver-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-azure-file-csi-driver-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-azure-file-csi-driver-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-baremetal-installer-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-baremetal-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-baremetal-runtimecfg-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cli-artifacts-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cloud-credential-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cloud-network-config-controller-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-api-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-authentication-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-autoscaler-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-baremetal-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-bootstrap-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-capi-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-cloud-controller-manager-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-config-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-control-plane-machine-set-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-csi-snapshot-controller-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-dns-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-image-registry-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-ingress-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-kube-apiserver-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-kube-cluster-api-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-kube-controller-manager-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-kube-scheduler-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-kube-storage-version-migrator-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-machine-approver-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-openshift-apiserver-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-openshift-controller-manager-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-ovirt-csi-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-platform-operators-manager-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-policy-controller-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-storage-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-cluster-update-keys-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-containernetworking-plugins-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-csi-driver-shared-resource-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-csi-driver-shared-resource-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-csi-driver-shared-resource-webhook-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-csi-external-resizer-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-csi-external-snapshotter-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-csi-snapshot-controller-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-csi-snapshot-validation-webhook-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-egress-router-cni-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-etcd-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-gcp-cloud-controller-manager-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-gcp-cluster-api-controllers-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-gcp-pd-csi-driver-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-gcp-pd-csi-driver-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-hypershift-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-ibmcloud-cluster-api-controllers-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-ibm-cloud-controller-manager-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-ibmcloud-machine-controllers-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-ibm-vpc-block-csi-driver-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-ibm-vpc-block-csi-driver-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-image-customization-controller-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-insights-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-installer-artifacts-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-installer-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-kube-storage-version-migrator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-kubevirt-cloud-controller-manager-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-kubevirt-csi-driver-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-libvirt-machine-controllers-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-machine-api-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-machine-api-provider-aws-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-machine-api-provider-azure-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-machine-api-provider-gcp-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-machine-api-provider-openstack-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-machine-config-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-machine-os-images-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-multus-admission-controller-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-multus-networkpolicy-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-must-gather-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-network-interface-bond-cni-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-network-metrics-daemon-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-network-tools-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-node-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-nutanix-cloud-controller-manager-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-nutanix-machine-controllers-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-oauth-apiserver-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-olm-rukpak-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-openshift-apiserver-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-openshift-controller-manager-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-openstack-cinder-csi-driver-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-openstack-cinder-csi-driver-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-openstack-cloud-controller-manager-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-ovirt-csi-driver-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-ovirt-machine-controllers-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-ovn-kubernetes-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-powervs-block-csi-driver-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-powervs-block-csi-driver-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-powervs-cloud-controller-manager-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-powervs-machine-controllers-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-prometheus-adapter-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-route-controller-manager-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-service-ca-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-thanos-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-tools-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-vmware-vsphere-csi-driver-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-vmware-vsphere-csi-driver-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-vsphere-cloud-controller-manager-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-vsphere-cluster-api-controllers-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ose-vsphere-problem-detector-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "ovn-kubernetes-microshift-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "prometheus-config-reloader-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "prometheus-operator-admission-webhook-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "prometheus-operator-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "telemeter-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "unaffected", "packageName": "vmware-vsphere-syncer-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9" ], "defaultStatus": "affected", "packageName": "openshift", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.12.0-202403042037.p0.g9946c63.assembly.stream.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "microshift", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Mikel Duke (USAA) for reporting this issue." } ], "datePublic": "2024-02-07T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-17T10:45:50.457Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:0741", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0741" }, { "name": "RHSA-2024:1267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1267" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-0793" }, { "name": "RHBZ#2214402", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2214402" }, { "url": "https://github.com/openshift/kubernetes/pull/1876" } ], "timeline": [ { "lang": "en", "time": "2023-06-12T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-02-07T00:00:00+00:00", "value": "Made public." } ], "title": "Kube-controller-manager: malformed hpa v1 manifest causes crash", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-20: Improper Input Validation" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-0793", "datePublished": "2024-11-17T10:45:50.457Z", "dateReserved": "2024-01-22T21:32:10.068Z", "dateUpdated": "2024-11-17T16:16:49.847Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6476
Vulnerability from cvelistv5
Published
2024-01-09 21:32
Modified
2024-11-24 11:54
Severity ?
EPSS score ?
Summary
A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:0195 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0207 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-6476 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2253994 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat OpenShift Container Platform 4.13 |
Unaffected: 0:1.26.4-6.1.rhaos4.13.git9eb9cf3.el9 < * cpe:/a:redhat:openshift:4.13::el8 cpe:/a:redhat:openshift:4.13::el9 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:28:21.863Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:0195", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0195" }, { "name": "RHSA-2024:0207", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0207" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6476" }, { "name": "RHBZ#2253994", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253994" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.26.4-6.1.rhaos4.13.git9eb9cf3.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.27.2-7.rhaos4.14.git1cc7a64.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:3.11" ], "defaultStatus": "unknown", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 3.11", "vendor": "Red Hat" } ], "datePublic": "2024-01-09T21:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-24T11:54:48.596Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:0195", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0195" }, { "name": "RHSA-2024:0207", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0207" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6476" }, { "name": "RHBZ#2253994", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253994" } ], "timeline": [ { "lang": "en", "time": "2023-12-11T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-01-09T21:00:00+00:00", "value": "Made public." } ], "title": "Cri-o: pods are able to break out of resource confinement on cgroupv2", "x_redhatCweChain": "CWE-770: Allocation of Resources Without Limits or Throttling" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-6476", "datePublished": "2024-01-09T21:32:03.407Z", "dateReserved": "2023-12-04T06:23:22.231Z", "dateUpdated": "2024-11-24T11:54:48.596Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-7409
Vulnerability from cvelistv5
Published
2024-08-05 13:19
Modified
2024-12-12 03:50
Severity ?
EPSS score ?
Summary
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 8100020240905091210.489197e6 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-7409", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-06T20:16:55.295801Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-06T20:17:14.655Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb" ], "defaultStatus": "affected", "packageName": "virt-devel:rhel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8100020240905091210.489197e6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb" ], "defaultStatus": "affected", "packageName": "virt:rhel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8100020240905091210.489197e6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "qemu-kvm", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "17:9.0.0-10.el9_5", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream" ], "defaultStatus": "affected", "packageName": "qemu-kvm", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "17:7.2.0-14.el9_2.14", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.4::appstream" ], "defaultStatus": "affected", "packageName": "qemu-kvm", "product": "Red Hat Enterprise Linux 9.4 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "17:8.2.0-11.el9_4.8", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "413.92.202411212100-0", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "413.92.202409180051-0", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "414.92.202411130444-0", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "415.92.202409162258-0", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "415.92.202411050056-0", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.16::el9" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4.16", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "416.94.202411261619-0", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.17::el9" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4.17", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "417.94.202411261220-0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "qemu-kvm", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "qemu-kvm", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "qemu-kvm-ma", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:advanced_virtualization:8::el8" ], "defaultStatus": "affected", "packageName": "virt:8.2/qemu-kvm", "product": "Red Hat Enterprise Linux 8 Advanced Virtualization", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:advanced_virtualization:8::el8" ], "defaultStatus": "affected", "packageName": "virt:av/qemu-kvm", "product": "Red Hat Enterprise Linux 8 Advanced Virtualization", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:advanced_virtualization:8::el8" ], "defaultStatus": "affected", "packageName": "virt-devel:8.2/qemu-kvm", "product": "Red Hat Enterprise Linux 8 Advanced Virtualization", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:advanced_virtualization:8::el8" ], "defaultStatus": "affected", "packageName": "virt-devel:av/qemu-kvm", "product": "Red Hat Enterprise Linux 8 Advanced Virtualization", "vendor": "Red Hat" } ], "datePublic": "2024-08-02T11:05:09+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-662", "description": "Improper Synchronization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-12T03:50:24.208Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:10518", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:10518" }, { "name": "RHSA-2024:10528", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:10528" }, { "name": "RHSA-2024:10813", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:10813" }, { "name": "RHSA-2024:6811", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:6811" }, { "name": "RHSA-2024:6818", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:6818" }, { "name": "RHSA-2024:6964", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:6964" }, { "name": "RHSA-2024:7408", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:7408" }, { "name": "RHSA-2024:8991", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8991" }, { "name": "RHSA-2024:9136", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:9136" }, { "name": "RHSA-2024:9620", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:9620" }, { "name": "RHSA-2024:9912", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:9912" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-7409" }, { "name": "RHBZ#2302487", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302487" } ], "timeline": [ { "lang": "en", "time": "2024-08-02T10:54:41+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-08-02T11:05:09+00:00", "value": "Made public." } ], "title": "Qemu: denial of service via improper synchronization in qemu nbd server during socket closure", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-662: Improper Synchronization" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-7409", "datePublished": "2024-08-05T13:19:27.498Z", "dateReserved": "2024-08-02T12:25:13.211Z", "dateUpdated": "2024-12-12T03:50:24.208Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0874
Vulnerability from cvelistv5
Published
2024-04-25 16:22
Modified
2024-12-01 22:02
Severity ?
EPSS score ?
Summary
A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:0041 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:4850 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:6009 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:6406 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-0874 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2219234 | issue-tracking, x_refsource_REDHAT | |
https://github.com/coredns/coredns/issues/6186 | ||
https://github.com/coredns/coredns/pull/6354 |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 ≤ |
||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-0874", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-13T20:18:31.995445Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-13T20:18:37.906Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:18:18.998Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:0041", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0041" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-0874" }, { "name": "RHBZ#2219234", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219234" }, { "tags": [ "x_transferred" ], "url": "https://github.com/coredns/coredns/issues/6186" }, { "tags": [ "x_transferred" ], "url": "https://github.com/coredns/coredns/pull/6354" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/coredns/coredns", "defaultStatus": "unaffected", "packageName": "coredns", "versions": [ { "lessThan": "1.11.2", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "affected", "packageName": "openshift4/ose-coredns", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.13.0-202408260940.p0.ge70f097.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "openshift4/ose-coredns", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.14.0-202408260910.p0.gfdd6037.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "openshift4/ose-coredns-rhel9", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-202407230407.p0.g1326282.assembly.stream.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.16::el9" ], "defaultStatus": "affected", "packageName": "openshift4/ose-coredns-rhel9", "product": "Red Hat OpenShift Container Platform 4.16", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.16.0-202406131906.p0.g04d84f7.assembly.stream.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:logging:5" ], "defaultStatus": "unaffected", "packageName": "openshift-logging/logging-loki-rhel9", "product": "Logging Subsystem for Red Hat OpenShift", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:acm:2" ], "defaultStatus": "affected", "packageName": "rhacm2/lighthouse-agent-rhel8", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "This issue was discovered by Petr Mensik (Red Hat)." } ], "datePublic": "2023-07-03T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-524", "description": "Use of Cache Containing Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-01T22:02:18.288Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:0041", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0041" }, { "name": "RHSA-2024:4850", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4850" }, { "name": "RHSA-2024:6009", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:6009" }, { "name": "RHSA-2024:6406", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:6406" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-0874" }, { "name": "RHBZ#2219234", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219234" }, { "url": "https://github.com/coredns/coredns/issues/6186" }, { "url": "https://github.com/coredns/coredns/pull/6354" } ], "timeline": [ { "lang": "en", "time": "2023-07-03T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-07-03T00:00:00+00:00", "value": "Made public." } ], "title": "Coredns: cd bit response is cached and served later", "x_redhatCweChain": "CWE-524: Use of Cache Containing Sensitive Information" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-0874", "datePublished": "2024-04-25T16:22:44.182Z", "dateReserved": "2024-01-24T23:42:08.424Z", "dateUpdated": "2024-12-01T22:02:18.288Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-7079
Vulnerability from cvelistv5
Published
2024-07-24 15:51
Modified
2024-12-03 20:22
Severity ?
EPSS score ?
Summary
A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user's credentials. As a result, unauthenticated users can access this endpoint.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-7079 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2299678 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat OpenShift Container Platform 3.11 |
cpe:/a:redhat:openshift:3.11 |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-7079", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-24T18:09:26.434060Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-24T18:09:33.310Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:52:30.604Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-7079" }, { "name": "RHBZ#2299678", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299678" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:3.11" ], "defaultStatus": "unknown", "packageName": "openshift3/ose-console", "product": "Red Hat OpenShift Container Platform 3.11", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-console", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "This issue was discovered by Thibault Guittet (Red Hat)." } ], "datePublic": "2024-07-24T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user\u0027s credentials. As a result, unauthenticated users can access this endpoint." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "Missing Authentication for Critical Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-03T20:22:49.051Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-7079" }, { "name": "RHBZ#2299678", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299678" } ], "timeline": [ { "lang": "en", "time": "2024-07-24T13:07:17+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-07-24T00:00:00+00:00", "value": "Made public." } ], "title": "Openshift-console: unauthenticated installation of helm charts", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-306: Missing Authentication for Critical Function" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-7079", "datePublished": "2024-07-24T15:51:36.331Z", "dateReserved": "2024-07-24T13:29:26.277Z", "dateUpdated": "2024-12-03T20:22:49.051Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-52615
Vulnerability from cvelistv5
Published
2024-11-21 20:34
Modified
2024-11-24 21:11
Severity ?
EPSS score ?
Summary
A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-52615 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2326418 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 ≤ |
||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-52615", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-21T21:06:27.515199Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-21T21:12:09.339Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/avahi/avahi/", "defaultStatus": "unaffected", "packageName": "avahi", "versions": [ { "lessThan": "0.9", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "avahi", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "avahi", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "avahi", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" } ], "datePublic": "2024-11-15T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-330", "description": "Use of Insufficiently Random Values", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-24T21:11:51.283Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-52615" }, { "name": "RHBZ#2326418", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2326418" } ], "timeline": [ { "lang": "en", "time": "2024-11-15T08:39:36.023000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-11-15T00:00:00+00:00", "value": "Made public." } ], "title": "Avahi: avahi wide-area dns uses constant source port", "x_redhatCweChain": "CWE-330: Use of Insufficiently Random Values" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-52615", "datePublished": "2024-11-21T20:34:00.981Z", "dateReserved": "2024-11-15T08:38:03.183Z", "dateUpdated": "2024-11-24T21:11:51.283Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2905
Vulnerability from cvelistv5
Published
2024-04-25 17:44
Modified
2024-11-24 15:24
Severity ?
EPSS score ?
Summary
A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:3401 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3823 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-2905 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2271585 | issue-tracking, x_refsource_REDHAT | |
https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6 |
Impacted products
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 9 |
Unaffected: 0:2024.3-3.el9_4 < * cpe:/a:redhat:enterprise_linux:9::appstream |
||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-2905", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-25T19:10:45.667596Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:29:28.680Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T19:25:42.154Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:3401", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3401" }, { "name": "RHSA-2024:3823", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3823" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-2905" }, { "name": "RHBZ#2271585", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271585" }, { "tags": [ "x_transferred" ], "url": "https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "rpm-ostree", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2024.3-3.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream" ], "defaultStatus": "affected", "packageName": "rpm-ostree", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2023.3-2.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "rpm-ostree", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "rpm-ostree", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" } ], "datePublic": "2024-04-09T11:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-732", "description": "Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-24T15:24:31.882Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:3401", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3401" }, { "name": "RHSA-2024:3823", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3823" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-2905" }, { "name": "RHBZ#2271585", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271585" }, { "url": "https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6" } ], "timeline": [ { "lang": "en", "time": "2024-03-26T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-04-09T11:00:00+00:00", "value": "Made public." } ], "title": "Rpm-ostree: world-readable /etc/shadow file", "workarounds": [ { "lang": "en", "value": "If you need to apply the fix immediately, you can run the following commands, using credentials that have administrator access to an OpenShift cluster:\n\n# List current permissions for all nodes\nfor node in $( oc get nodes -oname) ; do echo $node ; oc debug $node -- bash -c \"ls -alhZ /host/etc/*shadow*\"; done\n\n# Set correct permissions\nfor node in $( oc get nodes -oname) ; do echo $node ; oc debug $node -- chmod --verbose 0000 /host/etc/shadow /host/etc/gshadow /host/etc/shadow- /host/etc/gshadow-; done\n\nAs a precaution, we recommend rotating all user credentials stored in those files." } ], "x_redhatCweChain": "CWE-732: Incorrect Permission Assignment for Critical Resource" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-2905", "datePublished": "2024-04-25T17:44:15.985Z", "dateReserved": "2024-03-26T11:53:25.040Z", "dateUpdated": "2024-11-24T15:24:31.882Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5366
Vulnerability from cvelistv5
Published
2023-10-06 17:43
Modified
2024-08-02 07:59
Severity ?
EPSS score ?
Summary
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | n/a | openvswitch | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:59:43.267Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-5366" }, { "name": "RHBZ#2006347", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006347" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/08/4" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00004.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "openvswitch", "vendor": "n/a" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7::fastdatapath" ], "defaultStatus": "affected", "packageName": "openvswitch", "product": "Fast Datapath for RHEL 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7::fastdatapath" ], "defaultStatus": "unknown", "packageName": "openvswitch2.10", "product": "Fast Datapath for RHEL 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7::fastdatapath" ], "defaultStatus": "unknown", "packageName": "openvswitch2.11", "product": "Fast Datapath for RHEL 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7::fastdatapath" ], "defaultStatus": "unknown", "packageName": "openvswitch2.12", "product": "Fast Datapath for RHEL 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7::fastdatapath" ], "defaultStatus": "affected", "packageName": "openvswitch2.13", "product": "Fast Datapath for RHEL 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7::fastdatapath" ], "defaultStatus": "affected", "packageName": "openvswitch2.15", "product": "Fast Datapath for RHEL 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "unknown", "packageName": "openvswitch2.11", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "unknown", "packageName": "openvswitch2.12", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "affected", "packageName": "openvswitch2.13", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "affected", "packageName": "openvswitch2.15", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "unknown", "packageName": "openvswitch2.16", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "affected", "packageName": "openvswitch2.17", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "affected", "packageName": "openvswitch3.1", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath" ], "defaultStatus": "affected", "packageName": "openvswitch2.17", "product": "Fast Datapath for RHEL 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath" ], "defaultStatus": "unknown", "packageName": "openvswitch3.0", "product": "Fast Datapath for RHEL 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath" ], "defaultStatus": "affected", "packageName": "openvswitch3.1", "product": "Fast Datapath for RHEL 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "affected", "packageName": "openvswitch", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:3.11" ], "defaultStatus": "unknown", "packageName": "openvswitch-ovn-kubernetes", "product": "Red Hat OpenShift Container Platform 3.11", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unknown", "packageName": "openvswitch2.15", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openvswitch2.16", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openvswitch2.17", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openvswitch3.0", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openvswitch3.1", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.1" ], "defaultStatus": "unaffected", "packageName": "rhosp-openvswitch", "product": "Red Hat OpenStack Platform 16.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.2" ], "defaultStatus": "unaffected", "packageName": "rhosp-openvswitch", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/:redhat:enterprise_linux:::hypervisor" ], "defaultStatus": "affected", "packageName": "openvswitch2.11", "product": "Red Hat Virtualization 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/:redhat:enterprise_linux:::hypervisor" ], "defaultStatus": "affected", "packageName": "redhat-virtualization-host", "product": "Red Hat Virtualization 4", "vendor": "Red Hat" }, { "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "affected", "packageName": "openvswitch", "product": "Fedora", "vendor": "Fedora" } ], "credits": [ { "lang": "en", "value": "This issue was discovered by Alex Katz (Red Hat) and Slawomir Kaplonski (Red Hat)." } ], "datePublic": "2023-09-26T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-345", "description": "Insufficient Verification of Data Authenticity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-06T17:43:34.376Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-5366" }, { "name": "RHBZ#2006347", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006347" }, { "url": "http://www.openwall.com/lists/oss-security/2024/02/08/4" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00004.html" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/" } ], "timeline": [ { "lang": "en", "time": "2021-09-21T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-09-26T00:00:00+00:00", "value": "Made public." } ], "title": "Openvswitch don\u0027t match packets on nd_target field", "x_redhatCweChain": "CWE-345: Insufficient Verification of Data Authenticity" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-5366", "datePublished": "2023-10-06T17:43:34.376Z", "dateReserved": "2023-10-03T19:14:58.793Z", "dateUpdated": "2024-08-02T07:59:43.267Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6596
Vulnerability from cvelistv5
Published
2024-04-25 16:00
Modified
2024-11-24 12:13
Severity ?
EPSS score ?
Summary
An incomplete fix was shipped for the Rapid Reset (CVE-2023-44487/CVE-2023-39325) vulnerability for an OpenShift Containers.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:0485 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0682 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-6596 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2253521 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat OpenShift Container Platform 4.11 |
Unaffected: v4.11.0-202401301508.p0.g5ea0428.assembly.stream < * cpe:/a:redhat:openshift:4.11::el8 |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-6596", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-17T14:09:02.835764Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-17T14:09:16.831Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T08:35:14.913Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:0485", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0485" }, { "name": "RHSA-2024:0682", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0682" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6596" }, { "name": "RHBZ#2253521", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253521" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.11::el8" ], "defaultStatus": "affected", "packageName": "openshift4/ose-operator-lifecycle-manager", "product": "Red Hat OpenShift Container Platform 4.11", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.11.0-202401301508.p0.g5ea0428.assembly.stream", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8" ], "defaultStatus": "affected", "packageName": "openshift4/ose-operator-lifecycle-manager", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.12.0-202401190520.p0.g4b287bd.assembly.stream", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "openshift4/ose-olm-rukpak-rhel8", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" } ], "datePublic": "2024-01-04T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "An incomplete fix was shipped for the Rapid Reset (CVE-2023-44487/CVE-2023-39325) vulnerability for an OpenShift Containers." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-24T12:13:24.976Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:0485", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0485" }, { "name": "RHSA-2024:0682", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0682" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6596" }, { "name": "RHBZ#2253521", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253521" } ], "timeline": [ { "lang": "en", "time": "2023-12-07T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-01-04T00:00:00+00:00", "value": "Made public." } ], "title": "Openshift: incomplete fix for rapid reset (cve-2023-44487/cve-2023-39325)", "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-6596", "datePublished": "2024-04-25T16:00:24.215Z", "dateReserved": "2023-12-07T20:41:47.625Z", "dateUpdated": "2024-11-24T12:13:24.976Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0406
Vulnerability from cvelistv5
Published
2024-04-06 16:11
Modified
2024-08-20 16:27
Severity ?
EPSS score ?
Summary
A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-0406 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2257749 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: v3.0.0 < * Patch: v4.0.0 |
||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-0406", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-09T19:56:01.225454Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:22:38.198Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:04:49.645Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-0406" }, { "name": "RHBZ#2257749", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257749" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/mholt/archiver", "defaultStatus": "unaffected", "packageName": "archiver", "versions": [ { "lessThan": "*", "status": "affected", "version": "v3.0.0", "versionType": "custom" }, { "lessThan": "*", "status": "unaffected", "version": "v4.0.0", "versionType": "custom" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:3" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-main-rhel8", "product": "Red Hat Advanced Cluster Security 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:3" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8", "product": "Red Hat Advanced Cluster Security 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:3" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-scanner-rhel8", "product": "Red Hat Advanced Cluster Security 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4" ], "defaultStatus": "unaffected", "packageName": "advanced-cluster-security/rhacs-main-rhel8", "product": "Red Hat Advanced Cluster Security 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4" ], "defaultStatus": "unaffected", "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8", "product": "Red Hat Advanced Cluster Security 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4" ], "defaultStatus": "unaffected", "packageName": "advanced-cluster-security/rhacs-scanner-rhel8", "product": "Red Hat Advanced Cluster Security 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/oc-mirror-plugin-rhel8", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "This issue was discovered by Stefan Cornelius (Red Hat)." } ], "datePublic": "2024-01-31T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user\u0027s or application\u0027s privileges using the library." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-20T16:27:24.235Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-0406" }, { "name": "RHBZ#2257749", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257749" } ], "timeline": [ { "lang": "en", "time": "2024-01-10T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-01-31T00:00:00+00:00", "value": "Made public." } ], "title": "Mholt/archiver: path traversal vulnerability", "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-0406", "datePublished": "2024-04-06T16:11:02.643Z", "dateReserved": "2024-01-10T18:18:28.288Z", "dateUpdated": "2024-08-20T16:27:24.235Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2182
Vulnerability from cvelistv5
Published
2024-03-12 16:18
Modified
2024-11-15 15:29
Severity ?
EPSS score ?
Summary
A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 20.03.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-2182", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-13T14:24:40.610508Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:22:21.535Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T19:03:39.232Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/12/5" }, { "name": "RHSA-2024:1385", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1385" }, { "name": "RHSA-2024:1386", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1386" }, { "name": "RHSA-2024:1387", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1387" }, { "name": "RHSA-2024:1388", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1388" }, { "name": "RHSA-2024:1390", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1390" }, { "name": "RHSA-2024:1391", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1391" }, { "name": "RHSA-2024:1392", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1392" }, { "name": "RHSA-2024:1393", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1393" }, { "name": "RHSA-2024:1394", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1394" }, { "name": "RHSA-2024:4035", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4035" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-2182" }, { "name": "RHBZ#2267840", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267840" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APR4GCVCMQD3DQUKXDNGIXCCYGE5V7IT/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CB4N522FCS4XWAPUKRWZF6QZ657FCIDF/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRKXOOOKD56TY3JQVB45N3GCTX3EG4BV/" }, { "tags": [ "x_transferred" ], "url": "https://mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2024/03/12/5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://www.github.com/ovn-org/ovn/", "defaultStatus": "unaffected", "packageName": "ovn", "versions": [ { "lessThan": "*", "status": "affected", "version": "20.03.0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn23.06", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:23.06.1-112.el8fdp", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn22.12", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:22.12.1-94.el8fdp", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn22.03", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:22.03.3-71.el8fdp", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn23.03", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:23.03.1-100.el8fdp", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn-2021", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:21.12.0-142.el8fdp", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn23.09", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:23.09.0-136.el9fdp", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn23.06", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:23.06.1-112.el9fdp", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn22.12", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:22.12.1-94.el9fdp", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn22.03", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:22.03.3-71.el9fdp", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn23.03", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:23.03.1-100.el9fdp", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7::fastdatapath" ], "defaultStatus": "unknown", "packageName": "ovn2.11", "product": "Fast Datapath for RHEL 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7::fastdatapath" ], "defaultStatus": "unknown", "packageName": "ovn2.12", "product": "Fast Datapath for RHEL 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7::fastdatapath" ], "defaultStatus": "unknown", "packageName": "ovn2.13", "product": "Fast Datapath for RHEL 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "unknown", "packageName": "ovn2.11", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "unknown", "packageName": "ovn2.12", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "unknown", "packageName": "ovn2.13", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "unknown", "packageName": "ovn22.06", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath" ], "defaultStatus": "unknown", "packageName": "ovn22.09", "product": "Fast Datapath for RHEL 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath" ], "defaultStatus": "affected", "packageName": "ovn-2021", "product": "Fast Datapath for RHEL 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath" ], "defaultStatus": "unknown", "packageName": "ovn22.06", "product": "Fast Datapath for RHEL 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath" ], "defaultStatus": "unknown", "packageName": "ovn22.09", "product": "Fast Datapath for RHEL 9", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Frode Nordahl (Canonical) for reporting this issue." } ], "datePublic": "2024-03-12T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-346", "description": "Origin Validation Error", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T15:29:03.042Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1385", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1385" }, { "name": "RHSA-2024:1386", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1386" }, { "name": "RHSA-2024:1387", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1387" }, { "name": "RHSA-2024:1388", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1388" }, { "name": "RHSA-2024:1390", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1390" }, { "name": "RHSA-2024:1391", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1391" }, { "name": "RHSA-2024:1392", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1392" }, { "name": "RHSA-2024:1393", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1393" }, { "name": "RHSA-2024:1394", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1394" }, { "name": "RHSA-2024:4035", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4035" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-2182" }, { "name": "RHBZ#2267840", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267840" }, { "url": "https://mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html" }, { "url": "https://www.openwall.com/lists/oss-security/2024/03/12/5" } ], "timeline": [ { "lang": "en", "time": "2024-03-04T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-03-12T00:00:00+00:00", "value": "Made public." } ], "title": "Ovn: insufficient validation of bfd packets may lead to denial of service", "x_redhatCweChain": "CWE-346: Origin Validation Error" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-2182", "datePublished": "2024-03-12T16:18:31.829Z", "dateReserved": "2024-03-05T00:40:55.429Z", "dateUpdated": "2024-11-15T15:29:03.042Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-9676
Vulnerability from cvelistv5
Published
2024-10-15 15:27
Modified
2024-12-01 23:14
Severity ?
EPSS score ?
Summary
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 8100020241101101019.afee755d < * cpe:/a:redhat:enterprise_linux:8::appstream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-9676", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-15T15:45:48.644647Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-15T15:46:17.963Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8100020241101101019.afee755d", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:4.9.4-16.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:5.2.2-9.el9_5", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.37.5-1.el9_5", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.4::appstream" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat Enterprise Linux 9.4 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.33.11-1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9", "cpe:/a:redhat:openshift_ironic:4.12::el9" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.25.5-30.rhaos4.12.git53dc492.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.26.5-26.rhaos4.13.giteb3d487.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.27.8-12.rhaos4.14.git7597c43.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.28.11-5.rhaos4.15.git35a2431.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_ironic:4.16::el9", "cpe:/a:redhat:openshift:4.16::el8", "cpe:/a:redhat:openshift:4.16::el9" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.16", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.29.9-6.rhaos4.16.gite7bd45a.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.16::el8", "cpe:/a:redhat:openshift:4.16::el9" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.16", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:4.9.4-14.rhaos4.16.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.17::el9", "cpe:/a:redhat:openshift:4.17::el8" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.17", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.30.6-6.rhaos4.17.git6ac6e96.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.17::el9", "cpe:/a:redhat:openshift:4.17::el8" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.17", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "5:5.2.2-1.rhaos4.17.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ocp_tools" ], "defaultStatus": "affected", "packageName": "ocp-tools-4/jenkins-agent-base-rhel8", "product": "OpenShift Developer Tools and Services", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ocp_tools" ], "defaultStatus": "affected", "packageName": "ocp-tools-4/jenkins-rhel8", "product": "OpenShift Developer Tools and Services", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "conmon", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "buildah", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "conmon", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-docker-builder", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quay:3" ], "defaultStatus": "affected", "packageName": "quay/quay-builder-rhel8", "product": "Red Hat Quay 3", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Erik Sj\u00f6lund \u003cerik.sjolund@gmail.com\u003e for reporting this issue." } ], "datePublic": "2024-10-15T15:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-01T23:14:03.181Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:10289", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:10289" }, { "name": "RHSA-2024:8418", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8418" }, { "name": "RHSA-2024:8428", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8428" }, { "name": "RHSA-2024:8437", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8437" }, { "name": "RHSA-2024:8686", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8686" }, { "name": "RHSA-2024:8690", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8690" }, { "name": "RHSA-2024:8694", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8694" }, { "name": "RHSA-2024:8700", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8700" }, { "name": "RHSA-2024:8984", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8984" }, { "name": "RHSA-2024:9051", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:9051" }, { "name": "RHSA-2024:9454", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:9454" }, { "name": "RHSA-2024:9459", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:9459" }, { "name": "RHSA-2024:9926", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:9926" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-9676" }, { "name": "RHBZ#2317467", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317467" }, { "url": "https://github.com/advisories/GHSA-wq2p-5pc6-wpgf" } ], "timeline": [ { "lang": "en", "time": "2024-10-09T02:59:07.708000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-10-15T15:00:00+00:00", "value": "Made public." } ], "title": "Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos)", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-9676", "datePublished": "2024-10-15T15:27:33.665Z", "dateReserved": "2024-10-09T03:02:48.802Z", "dateUpdated": "2024-12-01T23:14:03.181Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-11217
Vulnerability from cvelistv5
Published
2024-11-15 20:48
Modified
2024-11-21 20:51
Severity ?
EPSS score ?
Summary
A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-11217 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2326230 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-11217", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-15T21:09:10.428897Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-15T21:09:27.890Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-oauth-server-rhel7", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "This issue was discovered by Xingxing Xia (OpenShift QE (Quality Engineering), Red Hat)." } ], "datePublic": "2024-11-14T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Low" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1295", "description": "Debug Messages Revealing Unnecessary Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-21T20:51:34.373Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-11217" }, { "name": "RHBZ#2326230", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2326230" } ], "timeline": [ { "lang": "en", "time": "2024-11-14T12:49:38.971000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-11-14T00:00:00+00:00", "value": "Made public." } ], "title": "Oauth-server-container: oauth-server-container logs client secret in debug level", "x_redhatCweChain": "CWE-1295: Debug Messages Revealing Unnecessary Information" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-11217", "datePublished": "2024-11-15T20:48:46.460Z", "dateReserved": "2024-11-14T12:57:54.752Z", "dateUpdated": "2024-11-21T20:51:34.373Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-25720
Vulnerability from cvelistv5
Published
2024-11-17 10:17
Modified
2024-11-21 20:51
Severity ?
EPSS score ?
Summary
A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator owns the object due to the lack of an Access Control List (ACL) at the time of creation and later being recognized as the 'creator owner.' The retained significant rights of the delegated administrator may not be well understood, potentially leading to unintended privilege escalation or security risks.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2020-25720 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2305954 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 ≤ |
||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2020-25720", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-17T16:18:39.310986Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-17T16:18:49.431Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://git.samba.org/samba.git", "defaultStatus": "unaffected", "packageName": "samba", "versions": [ { "lessThan": "4.17.8", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "samba", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "samba4", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "samba", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "samba", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "samba", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:storage:3" ], "defaultStatus": "unaffected", "packageName": "samba", "product": "Red Hat Storage 3", "vendor": "Red Hat" } ], "datePublic": "2022-06-14T00:12:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object\u0027s creation. This issue occurs because the administrator owns the object due to the lack of an Access Control List (ACL) at the time of creation and later being recognized as the \u0027creator owner.\u0027 The retained significant rights of the delegated administrator may not be well understood, potentially leading to unintended privilege escalation or security risks." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-264", "description": "CWE-264", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-21T20:51:52.457Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2020-25720" }, { "name": "RHBZ#2305954", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305954" } ], "timeline": [ { "lang": "en", "time": "2024-07-16T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2022-06-14T00:12:00+00:00", "value": "Made public." } ], "title": "Samba: check attribute access rights for ldap adds of computers", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-264" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-25720", "datePublished": "2024-11-17T10:17:07.511Z", "dateReserved": "2020-09-16T00:00:00.000Z", "dateUpdated": "2024-11-21T20:51:52.457Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1753
Vulnerability from cvelistv5
Published
2024-03-18 14:23
Modified
2024-11-26 19:55
Severity ?
EPSS score ?
Summary
A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 4.15.0 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-1753", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-02T15:05:28.144862Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T18:00:10.892Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:48:22.005Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2049", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2049" }, { "name": "RHSA-2024:2055", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2055" }, { "name": "RHSA-2024:2064", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2064" }, { "name": "RHSA-2024:2066", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2066" }, { "name": "RHSA-2024:2077", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2077" }, { "name": "RHSA-2024:2084", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2084" }, { "name": "RHSA-2024:2089", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2089" }, { "name": "RHSA-2024:2090", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2090" }, { "name": "RHSA-2024:2097", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2097" }, { "name": "RHSA-2024:2098", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2098" }, { "name": "RHSA-2024:2548", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2548" }, { "name": "RHSA-2024:2645", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2645" }, { "name": "RHSA-2024:2669", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2669" }, { "name": "RHSA-2024:2672", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2672" }, { "name": "RHSA-2024:2784", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2784" }, { "name": "RHSA-2024:2877", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2877" }, { "name": "RHSA-2024:3254", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3254" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1753" }, { "name": "RHBZ#2265513", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265513" }, { "tags": [ "x_transferred" ], "url": "https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf" }, { "tags": [ "x_transferred" ], "url": "https://github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCRZVUDOFM5CPREQKBEU2VK2QK62PSBP/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYMVMQ7RWMDTSKQTBO734BE3WQPI2AJ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVBSVZGVABPYIHK5HZM472NPGWMI7WXH/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/openshift/builder/", "defaultStatus": "unaffected", "packageName": "buildah", "versions": [ { "status": "affected", "version": "4.15.0" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "container-tools:4.0", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8090020240413110917.d7b6f4b7", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8090020240417184044.e7857ab1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8100020240419145834.afee755d", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:8.6::appstream" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8060020240422155330.3b538bd8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:8.6::appstream" ], "defaultStatus": "affected", "packageName": "container-tools:4.0", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8060020240419071711.2e213529", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:8.8::appstream" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8080020240422101606.0f77c1b7", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.31.5-1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:4.9.4-3.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::appstream" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.26.7-1.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::appstream" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:4.2.0-3.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.29.3-1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:4.4.1-16.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-3.2.rhaos4.12.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-6.3.rhaos4.13.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-7.3.rhaos4.13.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-13.4.rhaos4.14.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-23.2.rhaos4.15.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "buildah", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "podman", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:3.11" ], "defaultStatus": "unknown", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 3.11", "vendor": "Red Hat" } ], "datePublic": "2024-03-18T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-59", "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T19:55:15.725Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2049", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2049" }, { "name": "RHSA-2024:2055", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2055" }, { "name": "RHSA-2024:2064", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2064" }, { "name": "RHSA-2024:2066", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2066" }, { "name": "RHSA-2024:2077", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2077" }, { "name": "RHSA-2024:2084", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2084" }, { "name": "RHSA-2024:2089", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2089" }, { "name": "RHSA-2024:2090", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2090" }, { "name": "RHSA-2024:2097", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2097" }, { "name": "RHSA-2024:2098", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2098" }, { "name": "RHSA-2024:2548", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2548" }, { "name": "RHSA-2024:2645", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2645" }, { "name": "RHSA-2024:2669", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2669" }, { "name": "RHSA-2024:2672", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2672" }, { "name": "RHSA-2024:2784", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2784" }, { "name": "RHSA-2024:2877", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2877" }, { "name": "RHSA-2024:3254", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3254" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1753" }, { "name": "RHBZ#2265513", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265513" }, { "url": "https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf" }, { "url": "https://github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3" }, { "url": "https://pkg.go.dev/vuln/GO-2024-2658" } ], "timeline": [ { "lang": "en", "time": "2024-02-22T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-03-18T00:00:00+00:00", "value": "Made public." } ], "title": "Buildah: full container escape at build time", "workarounds": [ { "lang": "en", "value": "When SELinux is enabled, the container is restricted to limited read-only access." } ], "x_redhatCweChain": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-1753", "datePublished": "2024-03-18T14:23:44.213Z", "dateReserved": "2024-02-22T14:42:20.623Z", "dateUpdated": "2024-11-26T19:55:15.725Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-3056
Vulnerability from cvelistv5
Published
2024-08-02 20:37
Modified
2024-11-26 06:53
Severity ?
EPSS score ?
Summary
A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources until it is out-of-memory (OOM) killed. While the malicious container's cgroup will be removed, the IPC resources it created are not. Those resources are tied to the IPC namespace that will not be removed until all containers using it are stopped, and one non-malicious container is holding the namespace open. The malicious container is restarted, either automatically or by attacker control, repeating the process and increasing the amount of memory consumed. With a container configured to restart always, such as `podman run --restart=always`, this can result in a memory-based denial of service of the system.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-3056 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2270717 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-3056", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-03T18:09:31.742310Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-03T18:09:40.413Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "podman", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "container-tools:4.0/podman", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8/podman", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:3.11" ], "defaultStatus": "unknown", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 3.11", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" } ], "datePublic": "2024-07-25T07:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources until it is out-of-memory (OOM) killed. While the malicious container\u0027s cgroup will be removed, the IPC resources it created are not. Those resources are tied to the IPC namespace that will not be removed until all containers using it are stopped, and one non-malicious container is holding the namespace open. The malicious container is restarted, either automatically or by attacker control, repeating the process and increasing the amount of memory consumed. With a container configured to restart always, such as `podman run --restart=always`, this can result in a memory-based denial of service of the system." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T06:53:04.367Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-3056" }, { "name": "RHBZ#2270717", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270717" } ], "timeline": [ { "lang": "en", "time": "2024-03-21T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-07-25T07:00:00+00:00", "value": "Made public." } ], "title": "Podman: kernel: containers in shared ipc namespace are vulnerable to denial of service attack", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-3056", "datePublished": "2024-08-02T20:37:59.053Z", "dateReserved": "2024-03-28T19:59:39.848Z", "dateUpdated": "2024-11-26T06:53:04.367Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6508
Vulnerability from cvelistv5
Published
2024-08-21 05:45
Modified
2024-12-12 03:49
Severity ?
EPSS score ?
Summary
An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:10813 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:7922 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:8415 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:8991 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:9620 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-6508 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2295777 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | |||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-6508", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-21T13:24:02.161482Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-21T13:38:00.878Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/openshift/console", "defaultStatus": "affected", "packageName": "openshift-console" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "openshift-enterprise-console-container", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.13.0-202411300029.p0.g68accd9.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "openshift4/ose-console", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.14.0-202411131205.p0.g839a801.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "openshift4/ose-console", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-202411060036.p0.gd8360d4.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.16::el9" ], "defaultStatus": "affected", "packageName": "openshift4/ose-console-rhel9", "product": "Red Hat OpenShift Container Platform 4.16", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.16.0-202410231737.p0.gf0870c3.assembly.stream.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.17::el9" ], "defaultStatus": "affected", "packageName": "openshift4/ose-console-rhel9", "product": "Red Hat OpenShift Container Platform 4.17", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.17.0-202410091535.p0.ge61f187.assembly.stream.el9", "versionType": "rpm" } ] } ], "datePublic": "2024-08-19T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim\u2019s current application account using a third-party account without any restrictions." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-331", "description": "Insufficient Entropy", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-12T03:49:49.365Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:10813", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:10813" }, { "name": "RHSA-2024:7922", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:7922" }, { "name": "RHSA-2024:8415", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8415" }, { "name": "RHSA-2024:8991", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8991" }, { "name": "RHSA-2024:9620", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:9620" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-6508" }, { "name": "RHBZ#2295777", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295777" } ], "timeline": [ { "lang": "en", "time": "2024-06-17T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-08-19T00:00:00+00:00", "value": "Made public." } ], "title": "Openshift-console: oauth2 insufficient state parameter entropy", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-331: Insufficient Entropy" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-6508", "datePublished": "2024-08-21T05:45:28.303Z", "dateReserved": "2024-07-04T11:10:33.464Z", "dateUpdated": "2024-12-12T03:49:49.365Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-9407
Vulnerability from cvelistv5
Published
2024-10-01 20:13
Modified
2024-12-01 23:13
Severity ?
EPSS score ?
Summary
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:10147 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:8846 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:9051 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:9454 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:9459 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:9926 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-9407 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2315887 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | |||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-9407", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-01T20:38:18.374514Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-01T20:38:33.629Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/containers/buildah", "defaultStatus": "affected", "packageName": "buildah", "versions": [ { "lessThan": "1.9.1", "status": "unaffected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://github.com/containers/podman", "defaultStatus": "affected", "packageName": "podman", "versions": [ { "lessThan": "1.5.0", "status": "unaffected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8100020241023085649.afee755d", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:4.9.4-16.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:5.2.2-9.el9_5", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.37.5-1.el9_5", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.4::appstream" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat Enterprise Linux 9.4 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.33.11-1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.16::el9" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4.16", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "416.94.202411201433-0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-docker-builder", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" } ], "datePublic": "2024-10-01T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-01T23:13:32.529Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:10147", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:10147" }, { "name": "RHSA-2024:8846", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8846" }, { "name": "RHSA-2024:9051", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:9051" }, { "name": "RHSA-2024:9454", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:9454" }, { "name": "RHSA-2024:9459", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:9459" }, { "name": "RHSA-2024:9926", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:9926" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-9407" }, { "name": "RHBZ#2315887", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315887" } ], "timeline": [ { "lang": "en", "time": "2024-10-01T10:33:54.248000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-10-01T00:00:00+00:00", "value": "Made public." } ], "title": "Buildah: podman: improper input validation in bind-propagation option of dockerfile run --mount instruction", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-20: Improper Input Validation" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-9407", "datePublished": "2024-10-01T20:13:29.588Z", "dateReserved": "2024-10-01T10:55:34.838Z", "dateUpdated": "2024-12-01T23:13:32.529Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-9675
Vulnerability from cvelistv5
Published
2024-10-09 14:32
Modified
2024-12-01 23:14
Severity ?
EPSS score ?
Summary
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 8100020241023085649.afee755d < * cpe:/a:redhat:enterprise_linux:8::appstream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-9675", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-09T16:16:25.550764Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-09T16:24:34.705Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8100020241023085649.afee755d", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8", "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8060020241028154646.3b538bd8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8", "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8060020241028154646.3b538bd8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8", "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8060020241028154646.3b538bd8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:8.8::appstream" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8080020241025064551.0f77c1b7", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.33.10-1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:4.9.4-16.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:5.2.2-9.el9_5", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.37.5-1.el9_5", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::appstream" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.26.8-2.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::appstream" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:4.2.0-5.el9_0.2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.29.4-1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:4.4.1-21.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-15.rhaos4.13.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-21.rhaos4.14.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-32.rhaos4.15.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.16::el8", "cpe:/a:redhat:openshift:4.16::el9" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.16", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:4.9.4-14.rhaos4.16.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.17::el8", "cpe:/a:redhat:openshift:4.17::el9" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4.17", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "5:5.2.2-1.rhaos4.17.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ocp_tools" ], "defaultStatus": "affected", "packageName": "ocp-tools-4/jenkins-agent-base-rhel8", "product": "OpenShift Developer Tools and Services", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ocp_tools" ], "defaultStatus": "affected", "packageName": "ocp-tools-4/jenkins-rhel8", "product": "OpenShift Developer Tools and Services", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "skopeo", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "conmon", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "buildah", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "conmon", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-docker-builder", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quay:3" ], "defaultStatus": "affected", "packageName": "quay/quay-builder-rhel8", "product": "Red Hat Quay 3", "vendor": "Red Hat" } ], "datePublic": "2024-10-09T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-01T23:14:00.658Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:8563", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8563" }, { "name": "RHSA-2024:8675", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8675" }, { "name": "RHSA-2024:8679", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8679" }, { "name": "RHSA-2024:8686", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8686" }, { "name": "RHSA-2024:8690", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8690" }, { "name": "RHSA-2024:8700", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8700" }, { "name": "RHSA-2024:8703", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8703" }, { "name": "RHSA-2024:8707", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8707" }, { "name": "RHSA-2024:8708", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8708" }, { "name": "RHSA-2024:8709", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8709" }, { "name": "RHSA-2024:8846", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8846" }, { "name": "RHSA-2024:8984", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8984" }, { "name": "RHSA-2024:8994", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8994" }, { "name": "RHSA-2024:9051", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:9051" }, { "name": "RHSA-2024:9454", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:9454" }, { "name": "RHSA-2024:9459", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:9459" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-9675" }, { "name": "RHBZ#2317458", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317458" } ], "timeline": [ { "lang": "en", "time": "2024-10-09T02:45:06.343000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-10-09T00:00:00+00:00", "value": "Made public." } ], "title": "Buildah: buildah allows arbitrary directory mount", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-9675", "datePublished": "2024-10-09T14:32:11.922Z", "dateReserved": "2024-10-09T02:47:50.357Z", "dateUpdated": "2024-12-01T23:14:00.658Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-45496
Vulnerability from cvelistv5
Published
2024-09-16 23:58
Modified
2024-11-24 19:21
Severity ?
EPSS score ?
Summary
A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An attacker with developer-level access can provide a crafted .gitconfig file containing commands executed during the cloning process, leading to arbitrary command execution on the worker node. An attacker running code in a privileged container could escalate their permissions on the node running the container.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:6685 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:6687 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:6689 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:6691 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:6705 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-45496 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2308661 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat OpenShift Container Platform 4.12 |
Unaffected: v4.12.0-202409131137.p1.g0b1971a.assembly.stream.el8 < * cpe:/a:redhat:openshift:4.12::el8 |
||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-45496", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-17T15:05:05.525825Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-17T15:05:15.692Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8" ], "defaultStatus": "affected", "packageName": "openshift4/ose-openshift-controller-manager-rhel8", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.12.0-202409131137.p1.g0b1971a.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "affected", "packageName": "openshift4/ose-openshift-controller-manager-rhel8", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.13.0-202409130707.p1.gb75d499.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "openshift4/ose-openshift-controller-manager-rhel8", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.14.0-202409130708.p1.g9020ea1.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9" ], "defaultStatus": "affected", "packageName": "openshift4/ose-openshift-controller-manager-rhel9", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-202409131835.p1.gbe9d673.assembly.stream.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.16::el9" ], "defaultStatus": "affected", "packageName": "openshift4/ose-openshift-controller-manager-rhel9", "product": "Red Hat OpenShift Container Platform 4.16", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.16.0-202409130937.p1.g5dcfc99.assembly.stream.el9", "versionType": "rpm" } ] } ], "credits": [ { "lang": "en", "value": "This issue was discovered by Thibault Guittet (Red Hat)." } ], "datePublic": "2024-09-16T07:55:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform\u0027s build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An attacker with developer-level access can provide a crafted .gitconfig file containing commands executed during the cloning process, leading to arbitrary command execution on the worker node. An attacker running code in a privileged container could escalate their permissions on the node running the container." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-24T19:21:49.398Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:6685", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:6685" }, { "name": "RHSA-2024:6687", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:6687" }, { "name": "RHSA-2024:6689", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:6689" }, { "name": "RHSA-2024:6691", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:6691" }, { "name": "RHSA-2024:6705", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:6705" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-45496" }, { "name": "RHBZ#2308661", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308661" } ], "timeline": [ { "lang": "en", "time": "2024-08-29T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-09-16T07:55:00+00:00", "value": "Made public." } ], "title": "Openshift-controller-manager: elevated build pods can lead to node compromise in openshift", "workarounds": [ { "lang": "en", "value": "Cluster admins can follow the instructions in \"Securing Builds by Strategy\" to block use of the \"Docker\" and \u201cSource\u201d build strategies on a cluster, or restrict the use to a set of highly trusted users, until the cluster is able to be upgraded.\n\nhttps://docs.openshift.com/container-platform/4.16/cicd/builds/securing-builds-by-strategy.html" } ], "x_redhatCweChain": "CWE-269: Improper Privilege Management" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-45496", "datePublished": "2024-09-16T23:58:59.399Z", "dateReserved": "2024-08-30T10:12:13.684Z", "dateUpdated": "2024-11-24T19:21:49.398Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4145
Vulnerability from cvelistv5
Published
2023-10-05 12:34
Modified
2024-09-03 13:34
Severity ?
EPSS score ?
Summary
A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2022-4145 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2148667 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | n/a | openshift | |||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:27:54.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-4145" }, { "name": "RHBZ#2148667", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148667" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-4145", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-03T13:28:30.246692Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-03T13:34:13.619Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "openshift", "vendor": "n/a" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "This issue was discovered by John Mazzitelli (Red Hat)." } ], "datePublic": "2022-11-22T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A content spoofing flaw was found in OpenShift\u0027s OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Low" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-05T12:34:57.523Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2022-4145" }, { "name": "RHBZ#2148667", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148667" } ], "timeline": [ { "lang": "en", "time": "2022-11-26T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2022-11-22T00:00:00+00:00", "value": "Made public." } ], "title": "Content spoofing", "x_redhatCweChain": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-4145", "datePublished": "2023-10-05T12:34:57.523Z", "dateReserved": "2022-11-26T22:08:59.200Z", "dateUpdated": "2024-09-03T13:34:13.619Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-8676
Vulnerability from cvelistv5
Published
2024-11-26 19:15
Modified
2024-12-03 21:27
Severity ?
EPSS score ?
Summary
A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the pod spec, verifying that the pod has access to the mounts it specifies are not applicable to a restored container. This flaw allows a malicious user to trick CRI-O into restoring a pod that doesn't have access to host mounts. The user needs access to the kubelet or cri-o socket to call the restore endpoint and trigger the restore.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-8676 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2313842 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-8676", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-26T21:01:28.945651Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-26T21:01:45.208Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "container-tools:rhel8/conmon", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8/podman", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "conmon", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:3.11" ], "defaultStatus": "unknown", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 3.11", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "conmon", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" } ], "datePublic": "2024-11-26T18:21:38.116000+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the pod spec, verifying that the pod has access to the mounts it specifies are not applicable to a restored container. This flaw allows a malicious user to trick CRI-O into restoring a pod that doesn\u0027t have access to host mounts. The user needs access to the kubelet or cri-o socket to call the restore endpoint and trigger the restore." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-03T21:27:59.696Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-8676" }, { "name": "RHBZ#2313842", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313842" } ], "timeline": [ { "lang": "en", "time": "2024-09-20T19:45:05.331000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-11-26T18:21:38.116000+00:00", "value": "Made public." } ], "title": "Cri-o: checkpoint restore can be triggered from different namespaces", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-285: Improper Authorization" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-8676", "datePublished": "2024-11-26T19:15:48.475Z", "dateReserved": "2024-09-10T19:56:52.932Z", "dateUpdated": "2024-12-03T21:27:59.696Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-9341
Vulnerability from cvelistv5
Published
2024-10-01 18:52
Modified
2024-12-11 03:45
Severity ?
EPSS score ?
Summary
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 8100020241023085649.afee755d < * cpe:/a:redhat:enterprise_linux:8::appstream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-9341", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-01T19:23:28.683055Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-01T19:23:37.158Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8100020241023085649.afee755d", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:4.9.4-13.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.33.9-1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:5.2.2-9.el9_5", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.37.5-1.el9_5", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift_ironic:4.12::el9", "cpe:/a:redhat:openshift:4.12::el9" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.25.5-30.rhaos4.12.git53dc492.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.26.5-26.rhaos4.13.giteb3d487.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.27.8-10.rhaos4.14.git807f92c.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.28.11-5.rhaos4.15.git35a2431.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.16::el9", "cpe:/a:redhat:openshift:4.16::el8" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.16", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.29.9-5.rhaos4.16.git34690b9.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.16::el9" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4.16", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "416.94.202411201433-0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4.17::el9", "cpe:/a:redhat:openshift:4.17::el8" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4.17", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.30.6-3.rhaos4.17.git49b5172.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.17::el9" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4.17", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "417.94.202412040832-0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-docker-builder", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Paul Holzinger for reporting this issue." } ], "datePublic": "2024-10-01T15:45:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-59", "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-11T03:45:20.528Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:10147", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:10147" }, { "name": "RHSA-2024:10818", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:10818" }, { "name": "RHSA-2024:7925", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:7925" }, { "name": "RHSA-2024:8039", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8039" }, { "name": "RHSA-2024:8112", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8112" }, { "name": "RHSA-2024:8238", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8238" }, { "name": "RHSA-2024:8263", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8263" }, { "name": "RHSA-2024:8428", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8428" }, { "name": "RHSA-2024:8690", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8690" }, { "name": "RHSA-2024:8694", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8694" }, { "name": "RHSA-2024:8846", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8846" }, { "name": "RHSA-2024:9454", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:9454" }, { "name": "RHSA-2024:9459", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:9459" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-9341" }, { "name": "RHBZ#2315691", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315691" }, { "url": "https://github.com/containers/common/blob/384f77532f67afc8a73d8e0c4adb0d195df57714/pkg/subscriptions/subscriptions.go#L169" }, { "url": "https://github.com/containers/common/blob/384f77532f67afc8a73d8e0c4adb0d195df57714/pkg/subscriptions/subscriptions.go#L349" } ], "timeline": [ { "lang": "en", "time": "2024-09-30T15:18:57.587000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-10-01T15:45:00+00:00", "value": "Made public." } ], "title": "Podman: buildah: cri-o: fips crypto-policy directory mounting issue in containers/common go library", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-9341", "datePublished": "2024-10-01T18:52:00.686Z", "dateReserved": "2024-09-30T15:19:22.496Z", "dateUpdated": "2024-12-11T03:45:20.528Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3089
Vulnerability from cvelistv5
Published
2023-07-05 12:21
Modified
2024-10-24 19:13
Severity ?
EPSS score ?
Summary
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2023-3089 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2212085 | issue-tracking, x_refsource_REDHAT |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:41:04.166Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-3089" }, { "name": "RHBZ#2212085", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212085" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-3089", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-24T19:12:21.482201Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-24T19:13:59.907Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "openshift", "vendor": "n/a", "versions": [ { "status": "unaffected", "version": "4.12.0" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "affected", "packageName": "(as-yet-unknown)", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_mesh:2.2" ], "defaultStatus": "affected", "packageName": "(as-yet-unknown)", "product": "OpenShift Service Mesh 2.2.x", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_mesh:2.3" ], "defaultStatus": "affected", "packageName": "(as-yet-unknown)", "product": "OpenShift Service Mesh 2.3.x", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_mesh:2.4" ], "defaultStatus": "affected", "packageName": "(as-yet-unknown)", "product": "OpenShift Service Mesh 2.4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:acm:2" ], "defaultStatus": "affected", "packageName": "(as-yet-unknown)", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:amq_streams:1" ], "defaultStatus": "affected", "packageName": "(as-yet-unknown)", "product": "Red Hat JBoss A-MQ Streams", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:3.11" ], "defaultStatus": "unaffected", "packageName": "openshift", "product": "Red Hat OpenShift Container Platform 3.11", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift-ansible", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift-golang-builder-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4" ], "defaultStatus": "affected", "packageName": "(as-yet-unknown)", "product": "Red Hat Openshift Data Foundation 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_sandboxed_containers:1" ], "defaultStatus": "affected", "packageName": "(as-yet-unknown)", "product": "Red Hat Openshift sandboxed containers", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ], "defaultStatus": "affected", "packageName": "(as-yet-unknown)", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "This issue was discovered by David Benoit (Red Hat)." } ], "datePublic": "2023-07-05T12:00:00Z", "descriptions": [ { "lang": "en", "value": "A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-693", "description": "Protection Mechanism Failure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-05T12:21:03.036Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-3089" }, { "name": "RHBZ#2212085", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212085" } ], "timeline": [ { "lang": "en", "time": "2023-06-03T00:00:00Z", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-07-05T12:00:00Z", "value": "Made public." } ], "title": "Ocp \u0026 fips mode", "workarounds": [ { "lang": "en", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected packages as soon as possible." } ], "x_redhatCweChain": "CWE-166-\u003eCWE-693: Improper Handling of Missing Special Element leads to Protection Mechanism Failure" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-3089", "datePublished": "2023-07-05T12:21:03.036Z", "dateReserved": "2023-06-03T17:29:23.874Z", "dateUpdated": "2024-10-24T19:13:59.907Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-5037
Vulnerability from cvelistv5
Published
2024-06-05 18:03
Modified
2024-11-24 17:17
Severity ?
EPSS score ?
Summary
A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:4151 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:4156 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:4329 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:4484 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:5200 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-5037 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2272339 | issue-tracking, x_refsource_REDHAT | |
https://github.com/kubernetes/kubernetes/pull/123540 | ||
https://github.com/openshift/telemeter/blob/a9417a6062c3a31ed78c06ea3a0613a52f2029b2/pkg/authorize/jwt/client_authorizer.go#L78 |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat OpenShift Container Platform 4.12 |
Unaffected: v4.12.0-202408071159.p0.gc9592de.assembly.stream.el8 < * cpe:/a:redhat:openshift:4.12::el8 cpe:/a:redhat:openshift:4.12::el9 |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-5037", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-13T20:15:59.404791Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-13T20:16:05.375Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:03:10.506Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:4151", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4151" }, { "name": "RHSA-2024:4156", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4156" }, { "name": "RHSA-2024:4329", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4329" }, { "name": "RHSA-2024:4484", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4484" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-5037" }, { "name": "RHBZ#2272339", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272339" }, { "tags": [ "x_transferred" ], "url": "https://github.com/kubernetes/kubernetes/pull/123540" }, { "tags": [ "x_transferred" ], "url": "https://github.com/openshift/telemeter/blob/a9417a6062c3a31ed78c06ea3a0613a52f2029b2/pkg/authorize/jwt/client_authorizer.go#L78" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9" ], "defaultStatus": "affected", "packageName": "openshift4/ose-telemeter", "product": "Red Hat OpenShift Container Platform 4.12", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.12.0-202408071159.p0.gc9592de.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9" ], "defaultStatus": "affected", "packageName": "openshift4/ose-telemeter", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.13.0-202407081338.p0.g0634a6d.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "openshift4/ose-telemeter", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.14.0-202407021509.p0.g1f72681.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9" ], "defaultStatus": "affected", "packageName": "openshift4/ose-telemeter-rhel9", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-202406200537.p0.g14489f7.assembly.stream.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.16::el9" ], "defaultStatus": "affected", "packageName": "openshift4/ose-telemeter-rhel9", "product": "Red Hat OpenShift Container Platform 4.16", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.16.0-202406200537.p0.gc1ecd10.assembly.stream.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:logging:5" ], "defaultStatus": "unaffected", "packageName": "openshift-logging/opa-openshift-rhel9", "product": "Logging Subsystem for Red Hat OpenShift", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_distributed_tracing:2" ], "defaultStatus": "affected", "packageName": "rhosdt/tempo-gateway-opa-rhel8", "product": "Red Hat OpenShift distributed tracing 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_distributed_tracing:3" ], "defaultStatus": "affected", "packageName": "rhosdt/tempo-gateway-opa-rhel8", "product": "Red Hat OpenShift distributed tracing 3", "vendor": "Red Hat" } ], "datePublic": "2024-06-05T17:51:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in OpenShift\u0027s Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue (\"iss\") check during JSON web token (JWT) authentication." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-290", "description": "Authentication Bypass by Spoofing", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-24T17:17:04.382Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:4151", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4151" }, { "name": "RHSA-2024:4156", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4156" }, { "name": "RHSA-2024:4329", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4329" }, { "name": "RHSA-2024:4484", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4484" }, { "name": "RHSA-2024:5200", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:5200" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-5037" }, { "name": "RHBZ#2272339", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272339" }, { "url": "https://github.com/kubernetes/kubernetes/pull/123540" }, { "url": "https://github.com/openshift/telemeter/blob/a9417a6062c3a31ed78c06ea3a0613a52f2029b2/pkg/authorize/jwt/client_authorizer.go#L78" } ], "timeline": [ { "lang": "en", "time": "2024-03-30T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-06-05T17:51:00+00:00", "value": "Made public." } ], "title": "Openshift/telemeter: iss check during jwt authentication can be bypassed", "x_redhatCweChain": "CWE-290: Authentication Bypass by Spoofing" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-5037", "datePublished": "2024-06-05T18:03:23.194Z", "dateReserved": "2024-05-16T22:03:32.375Z", "dateUpdated": "2024-11-24T17:17:04.382Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1342
Vulnerability from cvelistv5
Unable to reproduce.
Show details on NVD website{ "containers": { "cna": { "providerMetadata": { "dateUpdated": "2024-10-14T22:00:07.768Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "rejectedReasons": [ { "lang": "en", "value": "Unable to reproduce." } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-1342", "datePublished": "2024-02-16T15:20:53.354Z", "dateRejected": "2024-10-14T22:00:07.768Z", "dateReserved": "2024-02-07T22:26:19.404Z", "dateUpdated": "2024-10-14T22:00:07.768Z", "state": "REJECTED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6409
Vulnerability from cvelistv5
Published
2024-07-08 17:57
Modified
2024-11-24 17:26
Severity ?
EPSS score ?
Summary
A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:4457 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:4613 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:4716 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:4910 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:4955 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:4960 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:5444 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-6409 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2295085 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | |||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-6409", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-11T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-12T03:55:30.136Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:41:03.399Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/08/2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/09/2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/09/5" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/10/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/10/2" }, { "name": "RHSA-2024:4457", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4457" }, { "name": "RHSA-2024:4613", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4613" }, { "name": "RHSA-2024:4716", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4716" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-6409" }, { "tags": [ "x_transferred" ], "url": "https://almalinux.org/blog/2024-07-09-cve-2024-6409/" }, { "name": "RHBZ#2295085", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295085" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1227217" }, { "tags": [ "x_transferred" ], "url": "https://explore.alas.aws.amazon.com/CVE-2024-6409.html" }, { "tags": [ "x_transferred" ], "url": "https://github.com/openela-main/openssh/commit/c00da7741d42029e49047dd89e266d91dcfbffa0" }, { "tags": [ "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2024-6409" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240712-0003/" }, { "tags": [ "x_transferred" ], "url": "https://sig-security.rocky.page/issues/CVE-2024-6409/" }, { "tags": [ "x_transferred" ], "url": "https://ubuntu.com/security/CVE-2024-6409" }, { "tags": [ "x_transferred" ], "url": "https://www.suse.com/security/cve/CVE-2024-6409.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://www.openssh.com/", "defaultStatus": "unaffected", "packageName": "OpenSSH", "repo": "https://anongit.mindrot.org/openssh.git" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "openssh", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:8.7p1-38.el9_4.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "openssh", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:8.7p1-38.el9_4.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:9.0::baseos", "cpe:/a:redhat:rhel_e4s:9.0::appstream" ], "defaultStatus": "affected", "packageName": "openssh", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:8.7p1-12.el9_0.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/o:redhat:rhel_eus:9.2::baseos" ], "defaultStatus": "affected", "packageName": "openssh", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:8.7p1-30.el9_2.7", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "413.92.202408122222-0", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "414.92.202407300859-0", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "415.92.202407301159-0", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.16::el9" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4.16", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "416.94.202407171205-0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "openssh", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "openssh", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "openssh", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Solar Designer (CIQ/Rocky Linux) for reporting this issue." } ], "datePublic": "2024-07-08T17:45:07+00:00", "descriptions": [ { "lang": "en", "value": "A race condition vulnerability was discovered in how signals are handled by OpenSSH\u0027s server (sshd). If a remote attacker does not authenticate within a set time period, then sshd\u0027s SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-364", "description": "Signal Handler Race Condition", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-24T17:26:14.437Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:4457", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4457" }, { "name": "RHSA-2024:4613", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4613" }, { "name": "RHSA-2024:4716", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4716" }, { "name": "RHSA-2024:4910", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4910" }, { "name": "RHSA-2024:4955", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4955" }, { "name": "RHSA-2024:4960", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4960" }, { "name": "RHSA-2024:5444", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:5444" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-6409" }, { "name": "RHBZ#2295085", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295085" } ], "timeline": [ { "lang": "en", "time": "2024-07-01T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-07-08T17:45:07+00:00", "value": "Made public." } ], "title": "Openssh: possible remote code execution due to a race condition in signal handling affecting red hat enterprise linux 9", "workarounds": [ { "lang": "en", "value": "The process is identical to CVE-2024-6387, by disabling LoginGraceTime. See that CVE page for additional details." } ], "x_redhatCweChain": "CWE-364: Signal Handler Race Condition" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-6409", "datePublished": "2024-07-08T17:57:10.517Z", "dateReserved": "2024-06-28T18:10:24.954Z", "dateUpdated": "2024-11-24T17:26:14.437Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-4369
Vulnerability from cvelistv5
Published
2024-04-30 23:49
Modified
2024-12-06 14:52
Severity ?
EPSS score ?
Summary
An information disclosure flaw was found in OpenShift's internal image registry operator. The AZURE_CLIENT_SECRET can be exposed through an environment variable defined in the pod definition, but is limited to Azure environments. An attacker controlling an account that has high enough permissions to obtain pod information from the openshift-image-registry namespace could use this obtained client secret to perform actions as the registry operator's Azure service account.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:3881 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3889 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-4369 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2278035 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 ≤ |
||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-4369", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-03T16:58:46.811103Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-03T18:23:20.777Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:40:47.021Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:3881", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3881" }, { "name": "RHSA-2024:3889", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3889" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-4369" }, { "name": "RHBZ#2278035", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278035" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/openshift/cluster-image-registry-operator", "defaultStatus": "unaffected", "packageName": "cluster-image-registry-operator", "versions": [ { "lessThan": "ocp-4.14.30", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8" ], "defaultStatus": "affected", "packageName": "openshift4/ose-cluster-image-registry-operator", "product": "Red Hat OpenShift Container Platform 4.14", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.14.0-202406112008.p0.g36b3cca.assembly.stream.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9" ], "defaultStatus": "affected", "packageName": "openshift4/ose-cluster-image-registry-rhel9-operator", "product": "Red Hat OpenShift Container Platform 4.15", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-202406060836.p0.gf577b35.assembly.stream.el9", "versionType": "rpm" } ] } ], "datePublic": "2024-04-30T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure flaw was found in OpenShift\u0027s internal image registry operator. The AZURE_CLIENT_SECRET can be exposed through an environment variable defined in the pod definition, but is limited to Azure environments. An attacker controlling an account that has high enough permissions to obtain pod information from the openshift-image-registry namespace could use this obtained client secret to perform actions as the registry operator\u0027s Azure service account." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-526", "description": "Cleartext Storage of Sensitive Information in an Environment Variable", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-06T14:52:14.083Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:3881", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3881" }, { "name": "RHSA-2024:3889", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3889" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-4369" }, { "name": "RHBZ#2278035", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278035" } ], "timeline": [ { "lang": "en", "time": "2024-04-30T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-04-30T00:00:00+00:00", "value": "Made public." } ], "title": "Cluster-image-registry-operator: exposes a secret via env variable in pod definition on azure", "x_redhatCweChain": "CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-4369", "datePublished": "2024-04-30T23:49:02.382Z", "dateReserved": "2024-04-30T19:17:21.633Z", "dateUpdated": "2024-12-06T14:52:14.083Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-43167
Vulnerability from cvelistv5
Published
2024-08-08 20:24
Modified
2024-10-21 11:19
Severity ?
EPSS score ?
Summary
DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-43167 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2303456 | issue-tracking, x_refsource_REDHAT | |
https://github.com/NLnetLabs/unbound/issues/1072 | ||
https://github.com/NLnetLabs/unbound/pull/1073/files |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-43167", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-09T12:53:54.420983Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-09T12:54:00.358Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-16T20:02:53.862Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/08/16/6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "unbound", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "unbound", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openstack:16.2" ], "defaultStatus": "affected", "packageName": "openstack-unbound-container", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openstack:17.1" ], "defaultStatus": "affected", "packageName": "openstack-unbound-container", "product": "Red Hat OpenStack Platform 17.1", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openstack:18.0" ], "defaultStatus": "affected", "packageName": "openstack-unbound-container", "product": "Red Hat OpenStack Platform 18.0", "vendor": "Red Hat" } ], "datePublic": "2024-08-07T02:00:00+00:00", "descriptions": [ { "lang": "en", "value": "DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Low" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-21T11:19:11.740Z", "orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "shortName": "NLnet Labs" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-43167" }, { "name": "RHBZ#2303456", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303456" }, { "url": "https://github.com/NLnetLabs/unbound/issues/1072" }, { "url": "https://github.com/NLnetLabs/unbound/pull/1073/files" } ], "timeline": [ { "lang": "en", "time": "2024-05-21T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-08-07T02:00:00+00:00", "value": "Made public." } ], "title": "Unbound: null pointer dereference in unbound", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-476: NULL Pointer Dereference" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-43167", "datePublished": "2024-08-08T20:24:49.932Z", "dateReserved": "2024-08-07T13:02:00.798Z", "dateUpdated": "2024-10-21T11:19:11.740Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50311
Vulnerability from cvelistv5
Published
2024-10-22 13:24
Modified
2024-12-04 07:17
Severity ?
EPSS score ?
Summary
A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in one query. This issue causes excessive resource consumption, leading to application unavailability for legitimate users.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-50311 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2319379 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-50311", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T15:43:27.683347Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T15:43:43.098Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-console", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Maksymilian Kubiak (AFINE), Pawe\u0142 Zdunek (AFINE), and S\u0142awomir Zakrzewski (AFINE) for reporting this issue." } ], "datePublic": "2024-10-17T13:16:49.327000+00:00", "descriptions": [ { "lang": "en", "value": "A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in one query. This issue causes excessive resource consumption, leading to application unavailability for legitimate users." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-04T07:17:28.191Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-50311" }, { "name": "RHBZ#2319379", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319379" } ], "timeline": [ { "lang": "en", "time": "2024-10-17T12:33:51.373000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-10-17T13:16:49.327000+00:00", "value": "Made public." } ], "title": "Graphql: denial of service (dos) vulnerability via graphql batching", "x_redhatCweChain": "CWE-770: Allocation of Resources Without Limits or Throttling" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-50311", "datePublished": "2024-10-22T13:24:04.199Z", "dateReserved": "2024-10-22T07:15:25.163Z", "dateUpdated": "2024-12-04T07:17:28.191Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3248
Vulnerability from cvelistv5
Published
2023-10-05 13:28
Modified
2024-08-29 20:01
Severity ?
EPSS score ?
Summary
A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2022-3248 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2072188 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | n/a | kubernetes | |||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:07:05.652Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-3248" }, { "name": "RHBZ#2072188", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072188" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-3248", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-29T19:59:13.226604Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-29T20:01:55.479Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "kubernetes", "vendor": "n/a" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:acm:2" ], "defaultStatus": "affected", "packageName": "rhacm2/agent-service-rhel8", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform" ], "defaultStatus": "unaffected", "packageName": "kubernetes", "product": "Red Hat Ansible Automation Platform 1.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_tower:3" ], "defaultStatus": "unaffected", "packageName": "kubernetes", "product": "Red Hat Ansible Tower 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:3.11" ], "defaultStatus": "unknown", "packageName": "atomic-openshift", "product": "Red Hat OpenShift Container Platf