rhsa-2021_3001
Vulnerability from csaf_redhat
Published
2021-08-03 20:28
Modified
2024-09-18 02:37
Summary
Red Hat Security Advisory: Red Hat OpenShift Container Platform for Windows Containers 3.0.0 security and bug fix update
Notes
Topic
The components for Red Hat OpenShift Container Platform for Windows Containers 3.0.0 are now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Windows Container Support for Red Hat OpenShift allows you to deploy
Windows container workloads running on Windows Server containers.
Security Fix(es):
* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* LB service unstable with multiple Windows nodes and pods (BZ#1905950)
* WMCO patch pub-key-hash annotation to Linux node (BZ#1930791)
* kube-proxy service terminated unexpectedly after recreated LB service (BZ#1939968)
* Telemetry info not completely available to identify windows nodes (BZ#1948037)
* LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952914)
* WMCO incorrectly shows node as ready after a failed configuration (BZ#1953692)
* Windows pod with a Projected Volume is stuck at ContainerCreating (BZ#1971745)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The components for Red Hat OpenShift Container Platform for Windows Containers 3.0.0 are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Windows Container Support for Red Hat OpenShift allows you to deploy\nWindows container workloads running on Windows Server containers.\n\nSecurity Fix(es):\n\n* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* LB service unstable with multiple Windows nodes and pods (BZ#1905950)\n\n* WMCO patch pub-key-hash annotation to Linux node (BZ#1930791)\n\n* kube-proxy service terminated unexpectedly after recreated LB service (BZ#1939968)\n\n* Telemetry info not completely available to identify windows nodes (BZ#1948037)\n\n* LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952914)\n\n* WMCO incorrectly shows node as ready after a failed configuration (BZ#1953692)\n\n* Windows pod with a Projected Volume is stuck at ContainerCreating (BZ#1971745)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:3001",
"url": "https://access.redhat.com/errata/RHSA-2021:3001"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1905950",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905950"
},
{
"category": "external",
"summary": "1919391",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391"
},
{
"category": "external",
"summary": "1930791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930791"
},
{
"category": "external",
"summary": "1939968",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939968"
},
{
"category": "external",
"summary": "1948037",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948037"
},
{
"category": "external",
"summary": "1952914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952914"
},
{
"category": "external",
"summary": "1953692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953692"
},
{
"category": "external",
"summary": "1971745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971745"
},
{
"category": "external",
"summary": "1983153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983153"
},
{
"category": "external",
"summary": "WINC-618",
"url": "https://issues.redhat.com/browse/WINC-618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_3001.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Container Platform for Windows Containers 3.0.0 security and bug fix update",
"tracking": {
"current_release_date": "2024-09-18T02:37:09+00:00",
"generator": {
"date": "2024-09-18T02:37:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2021:3001",
"initial_release_date": "2021-08-03T20:28:58+00:00",
"revision_history": [
{
"date": "2021-08-03T20:28:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-08-03T20:28:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-18T02:37:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.8",
"product": {
"name": "Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.8::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:d6d2bcc5bb80900b446c020d8d800bb3831e7bd247f0b0363291f09b908b4d9c_amd64",
"product": {
"name": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:d6d2bcc5bb80900b446c020d8d800bb3831e7bd247f0b0363291f09b908b4d9c_amd64",
"product_id": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:d6d2bcc5bb80900b446c020d8d800bb3831e7bd247f0b0363291f09b908b4d9c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/windows-machine-config-operator-bundle@sha256:d6d2bcc5bb80900b446c020d8d800bb3831e7bd247f0b0363291f09b908b4d9c?arch=amd64\u0026repository_url=registry.redhat.io/openshift4-wincw/windows-machine-config-operator-bundle\u0026tag=v3.0.0-17"
}
}
},
{
"category": "product_version",
"name": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:519418c1b39d6c73761e631ca7133035f210878e00711c2c841c564130ddf13e_amd64",
"product": {
"name": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:519418c1b39d6c73761e631ca7133035f210878e00711c2c841c564130ddf13e_amd64",
"product_id": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:519418c1b39d6c73761e631ca7133035f210878e00711c2c841c564130ddf13e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/windows-machine-config-rhel8-operator@sha256:519418c1b39d6c73761e631ca7133035f210878e00711c2c841c564130ddf13e?arch=amd64\u0026repository_url=registry.redhat.io/openshift4-wincw/windows-machine-config-rhel8-operator\u0026tag=3.0.0-16"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:d6d2bcc5bb80900b446c020d8d800bb3831e7bd247f0b0363291f09b908b4d9c_amd64 as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4-wincw/windows-machine-config-operator-bundle@sha256:d6d2bcc5bb80900b446c020d8d800bb3831e7bd247f0b0363291f09b908b4d9c_amd64"
},
"product_reference": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:d6d2bcc5bb80900b446c020d8d800bb3831e7bd247f0b0363291f09b908b4d9c_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:519418c1b39d6c73761e631ca7133035f210878e00711c2c841c564130ddf13e_amd64 as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:519418c1b39d6c73761e631ca7133035f210878e00711c2c841c564130ddf13e_amd64"
},
"product_reference": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:519418c1b39d6c73761e631ca7133035f210878e00711c2c841c564130ddf13e_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.8"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Casey Callendrello"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2021-20206",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2021-01-22T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.8:openshift4-wincw/windows-machine-config-operator-bundle@sha256:d6d2bcc5bb80900b446c020d8d800bb3831e7bd247f0b0363291f09b908b4d9c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1919391"
}
],
"notes": [
{
"category": "description",
"text": "An improper limitation of path name flaw was found in containernetworking/cni. When specifying the plugin to load in the `type` field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as `reboot`. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "containernetworking-cni: Arbitrary path injection via type field in CNI configuration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift ServiceMesh (OSSM) does package a vulnerable version of containernetworking/cni, however, the NetworkDefinitionAttachment is defined in code and cannot be easily changed except through a user who has access to the operator namespace such as cluster-admin. As such, for OSSM, the impact is Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:519418c1b39d6c73761e631ca7133035f210878e00711c2c841c564130ddf13e_amd64"
],
"known_not_affected": [
"8Base-RHOSE-4.8:openshift4-wincw/windows-machine-config-operator-bundle@sha256:d6d2bcc5bb80900b446c020d8d800bb3831e7bd247f0b0363291f09b908b4d9c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-20206"
},
{
"category": "external",
"summary": "RHBZ#1919391",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-20206",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20206"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206"
}
],
"release_date": "2021-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For Windows Machine Config Operator upgrades, see the following documentation:\nhttps://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html",
"product_ids": [
"8Base-RHOSE-4.8:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:519418c1b39d6c73761e631ca7133035f210878e00711c2c841c564130ddf13e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3001"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:519418c1b39d6c73761e631ca7133035f210878e00711c2c841c564130ddf13e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "containernetworking-cni: Arbitrary path injection via type field in CNI configuration"
}
]
}
Loading...