Openshift Red Hat Openshift

Do you want an email whenever new security vulnerabilities are reported in Red Hat Openshift?

Recent Red Hat Openshift Security Advisories

Advisory Title Published
RHSA-2022:6560 (RHSA-2022:6560) Moderate: Openshift Logging Bug Fix Release and Security Update (5.3.12) September 26, 2022
RHSA-2022:6681 (RHSA-2022:6681) Important: OpenShift Virtualization 4.9.6 Images security and bug fix update September 22, 2022
RHSA-2022:6531 (RHSA-2022:6531) Important: OpenShift Container Platform 4.10.33 packages and security update September 21, 2022
RHSA-2022:6536 (RHSA-2022:6536) Moderate: OpenShift Container Platform 4.11.5 bug fix and security update September 20, 2022
RHSA-2022:6535 (RHSA-2022:6535) Low: OpenShift Container Platform 4.11.5 packages and security update September 20, 2022
RHSA-2022:6537 (RHSA-2022:6537) Moderate: Moderate:OpenShift Container Platform 4.11.5 security and extras update September 20, 2022
RHSA-2022:6527 (RHSA-2022:6527) Moderate: OpenShift Virtualization 4.11.0 RPMs security and bug fix update September 15, 2022
RHSA-2022:6308 (RHSA-2022:6308) Important: OpenShift Container Platform 4.8.49 security update September 14, 2022
RHSA-2022:6526 (RHSA-2022:6526) Important: OpenShift Virtualization 4.11.0 Images security and bug fix update September 14, 2022
RHSA-2022:6322 (RHSA-2022:6322) Moderate: OpenShift Container Platform 4.7.59 bug fix and security update September 13, 2022

By the Year

In 2022 there have been 7 vulnerabilities in Red Hat Openshift with an average score of 6.7 out of ten. Last year Openshift had 6 security vulnerabilities published. That is, 1 more vulnerability have already been reported in 2022 as compared to last year. However, the average CVE base score of the vulnerabilities in 2022 is greater by 0.14.

Year Vulnerabilities Average Score
2022 7 6.74
2021 6 6.60
2020 11 6.69
2019 4 5.93
2018 8 6.95

It may take a day or so for new Openshift vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Openshift Security Vulnerabilities

A credentials leak was found in the OpenShift Container Platform

CVE-2022-2403 6.5 - Medium - September 01, 2022

A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate.

Exposure of Resource to Wrong Sphere

It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete

CVE-2021-4125 8.1 - High - August 24, 2022

It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6.

Marshaling, Unmarshaling

A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area

CVE-2021-3695 4.5 - Medium - July 06, 2022

A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.

Memory Corruption

A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader

CVE-2021-3696 4.5 - Medium - July 06, 2022

A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.

Memory Corruption

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap

CVE-2021-3697 7 - High - July 06, 2022

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.

Memory Corruption

In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file

CVE-2013-4561 9.1 - Critical - June 30, 2022

In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity.

Exposure of Resource to Wrong Sphere

The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing

CVE-2021-4047 7.5 - High - April 11, 2022

The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9.

It was found in OpenShift, before version 4.8

CVE-2021-3636 4.6 - Medium - July 30, 2021

It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service.

authentification

An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift

CVE-2020-35514 7 - High - June 02, 2021

An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0.

Incorrect Privilege Assignment

A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage

CVE-2020-1761 6.1 - Medium - May 27, 2021

A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versions before openshift/console-4.

An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11

CVE-2019-19350 7.8 - High - March 24, 2021

An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Incorrect Privilege Assignment

An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4

CVE-2019-19349 7.8 - High - March 24, 2021

An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Incorrect Privilege Assignment

A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey

CVE-2019-10225 6.3 - Medium - March 19, 2021

A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to authenticate to the GlusterFS REST service, gaining access to read, and modify files.

Insufficiently Protected Credentials

A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x

CVE-2020-10715 4.3 - Medium - September 16, 2020

A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate.

Improper Input Validation

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can

CVE-2020-1759 6.8 - Medium - April 13, 2020

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.

Reusing a Nonce, Key Pair in Encryption

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb

CVE-2019-19346 7 - High - April 02, 2020

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Improper Privilege Management

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base

CVE-2019-19348 7 - High - April 02, 2020

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Improper Privilege Management

A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0

CVE-2019-19345 7.8 - High - March 20, 2020

A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Improper Privilege Management

A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0

CVE-2020-1707 7 - High - March 20, 2020

A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Incorrect Permission Assignment for Critical Resource

A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0

CVE-2020-1709 7.8 - High - March 20, 2020

A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Incorrect Permission Assignment for Critical Resource

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins

CVE-2019-19351 7 - High - March 18, 2020

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11.

Improper Privilege Management

An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk

CVE-2019-19355 7 - High - March 18, 2020

An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4.

Improper Privilege Management

During installation of an OpenShift 4 cluster

CVE-2019-19335 4.4 - Medium - March 18, 2020

During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned word-readable permissions. ose-installer as shipped in Openshift 4.2 is vulnerable.

Incorrect Permission Assignment for Critical Resource

Nokogiri before 1.5.4 is vulnerable to XXE attacks

CVE-2012-6685 7.5 - High - February 19, 2020

Nokogiri before 1.5.4 is vulnerable to XXE attacks

XEE

A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3

CVE-2019-14845 5.3 - Medium - October 08, 2019

A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content.

Download of Code Without Integrity Check

On version 1.9.0

CVE-2019-6648 4.4 - Medium - September 04, 2019

On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.

Insertion of Sensitive Information into Log File

A vulnerability exists in the garbage collection mechanism of atomic-openshift

CVE-2019-3884 5.4 - Medium - August 01, 2019

A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.

authentification

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access

CVE-2019-5736 8.6 - High - February 11, 2019

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

Shell injection

A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2

CVE-2018-14645 7.5 - High - September 21, 2018

A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.

Out-of-bounds Read

A flaw was found in ansible

CVE-2018-10875 7.8 - High - July 13, 2018

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

Untrusted Path

In atomic-openshift before version 3.10.9 a malicious network-policy configuration

CVE-2018-10885 7.5 - High - July 05, 2018

In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster.

Improper Input Validation

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions

CVE-2018-1257 6.5 - Medium - May 11, 2018

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.

Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389)

CVE-2017-2611 4.3 - Medium - May 08, 2018

Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.

AuthZ

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x

CVE-2018-1102 8.8 - High - April 30, 2018

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.

Directory traversal

The DPDK vhost-user interface does not check to verify

CVE-2018-1059 6.1 - Medium - April 24, 2018

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.

Information Disclosure

Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems

CVE-2018-1069 7.1 - High - March 09, 2018

Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem.

Incorrect Permission Assignment for Critical Resource

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3

CVE-2015-7501 9.8 - Critical - November 09, 2017

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Marshaling, Unmarshaling

Kubernetes in OpenShift3

CVE-2015-7561 3.1 - Low - August 07, 2017

Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.

Permissions, Privileges, and Access Controls

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Kubernetes or by Red Hat? Click the Watch button to subscribe.

Red Hat
Vendor

subscribe