rhsa-2023_2138
Vulnerability from csaf_redhat
Published: 2023-05-18 02:33
Modified: 2024-12-16 02:19
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.13.0 CNF vRAN extras security update
Notes
Topic
An update for ztp-site-generate-container, topology-aware-lifecycle-manager and bare-metal-event-relay is now available for Red Hat OpenShift Container Platform 4.13.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the extra low-latency container images for Red Hat OpenShift Container Platform 4.13. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2023:1326
All OpenShift Container Platform users are advised to upgrade to these updated packages and images.
Security Fix(es):
* vault: GCP Auth Method Allows Authentication Bypass (CVE-2020-16251)
* vault: incorrect policy enforcement (CVE-2021-43998)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.