WID-SEC-W-2024-0947
Vulnerability from csaf_certbund
Published
2024-04-22 22:00
Modified
2024-12-17 23:00
Summary
Red Hat OpenShift: Multiple vulnerabilities
Notes
The BSI, as the provider of its own content made available for use, is responsible for that content under the general laws. Users, however, are responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description
Red Hat OpenShift is a "Platform as a Service" (PaaS) solution for deploying applications in the cloud.
Attack
A remote, authenticated attacker can exploit multiple vulnerabilities in Red Hat OpenShift to cause a denial-of-service condition or disclose confidential information.
Affected operating systems
- Linux
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter authentifizierter Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0947 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0947.json", }, { category: "self", summary: "WID-SEC-2024-0947 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0947", }, { category: "external", summary: "Red Hat Security Advisory vom 2024-04-22", url: "https://access.redhat.com/errata/RHSA-2024:1946", }, { category: "external", summary: "Red Hat Bugzilla – Bug 2268854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268854", }, { category: "external", summary: "Red Hat Bugzilla – Bug 2269576", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2269576", }, { category: "external", 
summary: "Red Hat Security Advisory RHSA-2024:2639 vom 2024-05-01", url: "https://access.redhat.com/errata/RHSA-2024:2639", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2549 vom 2024-04-30", url: "https://access.redhat.com/errata/RHSA-2024:2549", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2047 vom 2024-05-02", url: "https://access.redhat.com/errata/RHSA-2024:2049", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2054 vom 2024-05-02", url: "https://access.redhat.com/errata/RHSA-2024:2054", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2071 vom 2024-05-02", url: "https://access.redhat.com/errata/RHSA-2024:2071", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-2549 vom 2024-05-07", url: "https://linux.oracle.com/errata/ELSA-2024-2549.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2669 vom 2024-05-09", url: "https://access.redhat.com/errata/RHSA-2024:2669", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2672 vom 2024-05-09", url: "https://access.redhat.com/errata/RHSA-2024:2672", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2776 vom 2024-05-15", url: "https://access.redhat.com/errata/RHSA-2024:2776", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2773 vom 2024-05-15", url: "https://access.redhat.com/errata/RHSA-2024:2773", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2784 vom 2024-05-16", url: "https://access.redhat.com/errata/RHSA-2024:2784", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2865 vom 2024-05-21", url: "https://access.redhat.com/errata/RHSA-2024:2865", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3254 vom 2024-05-22", url: "https://access.redhat.com/errata/RHSA-2024:3254", }, { category: "external", summary: "Red Hat Security 
Advisory RHSA-2024:2869 vom 2024-05-23", url: "https://access.redhat.com/errata/RHSA-2024:2869", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2877 vom 2024-05-23", url: "https://access.redhat.com/errata/RHSA-2024:2877", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3349 vom 2024-05-30", url: "https://access.redhat.com/errata/RHSA-2024:3351", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3349 vom 2024-05-30", url: "https://access.redhat.com/errata/RHSA-2024:3349", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3327 vom 2024-05-29", url: "https://access.redhat.com/errata/RHSA-2024:3327", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-3254 vom 2024-06-01", url: "https://linux.oracle.com/errata/ELSA-2024-3254.html", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2024-C95D3199C5 vom 2024-06-03", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2024-c95d3199c5", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2024-1BEAA94D86 vom 2024-06-03", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-1beaa94d86", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3550 vom 2024-06-03", url: "https://access.redhat.com/errata/RHSA-2024:3550", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3523 vom 2024-06-10", url: "https://access.redhat.com/errata/RHSA-2024:3523", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3827 vom 2024-06-11", url: "https://access.redhat.com/errata/RHSA-2024:3827", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-3826 vom 2024-06-12", url: "https://linux.oracle.com/errata/ELSA-2024-3826.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-3827 vom 2024-06-12", url: "https://linux.oracle.com/errata/ELSA-2024-3827.html", }, { 
category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:3827 vom 2024-06-14", url: "https://errata.build.resf.org/RLSA-2024:3827", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:3826 vom 2024-06-14", url: "https://errata.build.resf.org/RLSA-2024:3826", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3968 vom 2024-06-18", url: "https://access.redhat.com/errata/RHSA-2024:3968", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-3968 vom 2024-06-19", url: "https://linux.oracle.com/errata/ELSA-2024-3968.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3989 vom 2024-06-20", url: "https://access.redhat.com/errata/RHSA-2024:3989", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4028 vom 2024-06-20", url: "https://access.redhat.com/errata/RHSA-2024:4028", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4041 vom 2024-06-26", url: "https://access.redhat.com/errata/RHSA-2024:4041", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4006 vom 2024-06-27", url: "https://access.redhat.com/errata/RHSA-2024:4006", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:3968 vom 2024-07-02", url: "https://errata.build.resf.org/RLSA-2024:3968", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2024-BD8FE42929 vom 2024-07-06", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2024-bd8fe42929", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4484 vom 2024-07-17", url: "https://access.redhat.com/errata/RHSA-2024:4484", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4455 vom 2024-07-29", url: "https://access.redhat.com/errata/RHSA-2024:4455", }, { category: "external", summary: "Amazon Linux Security Advisory ALASDOCKER-2024-041 vom 2024-08-13", url: 
"https://alas.aws.amazon.com/AL2/ALASDOCKER-2024-041.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:6209 vom 2024-09-03", url: "https://access.redhat.com/errata/RHSA-2024:6209", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:7164 vom 2024-09-26", url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8229 vom 2024-10-23", url: "https://access.redhat.com/errata/RHSA-2024:8229", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8235 vom 2024-10-23", url: "https://access.redhat.com/errata/RHSA-2024:8235", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8677 vom 2024-10-30", url: "https://access.redhat.com/errata/RHSA-2024:8677", }, { category: "external", summary: "Hitachi Vulnerability Information HITACHI-SEC-2024-150 vom 2024-12-17", url: "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-150/index.html", }, ], source_lang: "en-US", title: "Red Hat OpenShift: Mehrere Schwachstellen", tracking: { current_release_date: "2024-12-17T23:00:00.000+00:00", generator: { date: "2024-12-18T10:28:08.344+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2024-0947", initial_release_date: "2024-04-22T22:00:00.000+00:00", revision_history: [ { date: "2024-04-22T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-05-01T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-02T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-07T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-05-09T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-15T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat aufgenommen", 
}, { date: "2024-05-16T22:00:00.000+00:00", number: "7", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-20T22:00:00.000+00:00", number: "8", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-21T22:00:00.000+00:00", number: "9", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-22T22:00:00.000+00:00", number: "10", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-23T22:00:00.000+00:00", number: "11", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-30T22:00:00.000+00:00", number: "12", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-02T22:00:00.000+00:00", number: "13", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-06-03T22:00:00.000+00:00", number: "14", summary: "Neue Updates von Fedora und Red Hat aufgenommen", }, { date: "2024-06-10T22:00:00.000+00:00", number: "15", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-11T22:00:00.000+00:00", number: "16", summary: "Neue Updates von Red Hat und Oracle Linux aufgenommen", }, { date: "2024-06-16T22:00:00.000+00:00", number: "17", summary: "Neue Updates von Rocky Enterprise Software Foundation aufgenommen", }, { date: "2024-06-17T22:00:00.000+00:00", number: "18", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-18T22:00:00.000+00:00", number: "19", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-06-19T22:00:00.000+00:00", number: "20", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-20T22:00:00.000+00:00", number: "21", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-26T22:00:00.000+00:00", number: "22", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-02T22:00:00.000+00:00", number: "23", summary: "Neue Updates von Rocky Enterprise Software Foundation aufgenommen", }, { date: "2024-07-07T22:00:00.000+00:00", number: "24", summary: "Neue Updates von 
Fedora aufgenommen", }, { date: "2024-07-16T22:00:00.000+00:00", number: "25", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-29T22:00:00.000+00:00", number: "26", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-08-13T22:00:00.000+00:00", number: "27", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-09-03T22:00:00.000+00:00", number: "28", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-09-25T22:00:00.000+00:00", number: "29", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-10-22T22:00:00.000+00:00", number: "30", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-10-23T22:00:00.000+00:00", number: "31", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-10-30T23:00:00.000+00:00", number: "32", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-12-17T23:00:00.000+00:00", number: "33", summary: "Neue Updates von HITACHI aufgenommen", }, ], status: "final", version: "33", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Fedora Linux", product: { name: "Fedora Linux", product_id: "74185", product_identification_helper: { cpe: "cpe:/o:fedoraproject:fedora:-", }, }, }, ], category: "vendor", name: "Fedora", }, { branches: [ { category: "product_name", name: "Hitachi Ops Center", product: { name: "Hitachi Ops Center", product_id: "T038840", product_identification_helper: { cpe: "cpe:/a:hitachi:ops_center:-", }, }, }, ], category: "vendor", name: "Hitachi", }, { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, ], category: 
"vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "RESF Rocky Linux", product: { name: "RESF Rocky Linux", product_id: "T032255", product_identification_helper: { cpe: "cpe:/o:resf:rocky_linux:-", }, }, }, ], category: "vendor", name: "RESF", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { branches: [ { category: "product_version_range", name: "Service Mesh Containers <2.5.1", product: { name: "Red Hat OpenShift Service Mesh Containers <2.5.1", product_id: "T034345", }, }, { category: "product_version", name: "Service Mesh Containers 2.5.1", product: { name: "Red Hat OpenShift Service Mesh Containers 2.5.1", product_id: "T034345-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:service_mesh_containers__2.5.1", }, }, }, { category: "product_version_range", name: "Container Platform <4.15.12", product: { name: "Red Hat OpenShift Container Platform <4.15.12", product_id: "T034661", }, }, { category: "product_version", name: "Container Platform 4.15.12", product: { name: "Red Hat OpenShift Container Platform 4.15.12", product_id: "T034661-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.15.12", }, }, }, { category: "product_version_range", name: "Container Platform <4.14.24", product: { name: "Red Hat OpenShift Container Platform <4.14.24", product_id: "T034662", }, }, { category: "product_version", name: "Container Platform 4.14.24", product: { name: "Red Hat OpenShift Container Platform 4.14.24", product_id: "T034662-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.14.24", }, }, }, { category: "product_version_range", name: "Container Platform <4.15.14", product: { name: "Red Hat OpenShift Container Platform <4.15.14", product_id: "T034932", }, }, { 
category: "product_version", name: "Container Platform 4.15.14", product: { name: "Red Hat OpenShift Container Platform 4.15.14", product_id: "T034932-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.15.14", }, }, }, { category: "product_version_range", name: "Container Platform <4.14.26", product: { name: "Red Hat OpenShift Container Platform <4.14.26", product_id: "T035037", }, }, { category: "product_version", name: "Container Platform 4.14.26", product: { name: "Red Hat OpenShift Container Platform 4.14.26", product_id: "T035037-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.14.26", }, }, }, { category: "product_version_range", name: "Container Platform <4.13.42", product: { name: "Red Hat OpenShift Container Platform <4.13.42", product_id: "T035048", }, }, { category: "product_version", name: "Container Platform 4.13.42", product: { name: "Red Hat OpenShift Container Platform 4.13.42", product_id: "T035048-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.13.42", }, }, }, { category: "product_version_range", name: "Container Platform <4.17.2", product: { name: "Red Hat OpenShift Container Platform <4.17.2", product_id: "T038527", }, }, { category: "product_version", name: "Container Platform 4.17.2", product: { name: "Red Hat OpenShift Container Platform 4.17.2", product_id: "T038527-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.17.2", }, }, }, ], category: "product_name", name: "OpenShift", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-28180", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Red Hat OpenShift. Dieser Fehler besteht in der Jose-Komponente des Service Mesh Containers aufgrund eines unsachgemäßen Umgangs mit stark komprimierten Daten, die es ermöglichen, Anmeldedaten einzusehen. 
Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen.", }, ], product_status: { known_affected: [ "T034932", "67646", "T038527", "T004914", "T034345", "T032255", "T035037", "T035048", "74185", "T034662", "T038840", "T034661", "398363", ], }, release_date: "2024-04-22T22:00:00.000+00:00", title: "CVE-2024-28180", }, { cve: "CVE-2024-28849", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Red Hat OpenShift. Dieser Fehler besteht im follow-redirects-Paket des Service Mesh Containers aufgrund eines fehlenden Clearing-Prozesses, der es ermöglicht, eine JWE mit komprimierten Daten zu senden, die große Mengen an Speicher und CPU verbraucht. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T034932", "67646", "T038527", "T004914", "T034345", "T032255", "T035037", "T035048", "74185", "T034662", "T038840", "T034661", "398363", ], }, release_date: "2024-04-22T22:00:00.000+00:00", title: "CVE-2024-28849", }, ], }