Openshift Red Hat Openshift

Do you want an email whenever new security vulnerabilities are reported in Red Hat Openshift?

Recent Red Hat Openshift Security Advisories

Advisory Title Published
RHSA-2021:4766 (RHSA-2021:4766) Moderate: Release of OpenShift Serverless 1.19.0 November 23, 2021
RHSA-2021:4765 (RHSA-2021:4765) Moderate: Release of OpenShift Serverless Client kn 1.19.0 November 23, 2021
RHSA-2021:4725 (RHSA-2021:4725) Moderate: OpenShift Virtualization 2.6.8 Images security and bug fix update November 17, 2021
RHSA-2021:4722 (RHSA-2021:4722) Moderate: OpenShift Virtualization 2.6.8 RPMs security and bug fix update November 17, 2021
RHSA-2021:4032 (RHSA-2021:4032) Low: Openshift Logging 5.2.3 bug fix and security update November 17, 2021
RHSA-2021:4628 (RHSA-2021:4628) Low: Openshift Logging 5.1.4 bug fix and security update November 17, 2021
RHSA-2021:4627 (RHSA-2021:4627) Moderate: Openshift Logging 5.3.0 bug fix and security update November 15, 2021
RHSA-2021:4118 (RHSA-2021:4118) Moderate: OpenShift Container Platform 4.9.6 packages and security update November 10, 2021
RHSA-2021:4008 (RHSA-2021:4008) Moderate: OpenShift Container Platform 4.6.49 security update November 3, 2021
RHSA-2021:4103 (RHSA-2021:4103) Moderate: OpenShift Virtualization 4.9.0 RPMs security and bug fix update November 2, 2021

By the Year

In 2021 there have been 6 vulnerabilities in Red Hat Openshift with an average score of 6.6 out of ten. Last year Openshift had 11 security vulnerabilities published. Right now, Openshift is on track to have less security vulnerabilities in 2021 than it did last year. Last year, the average CVE base score was greater by 0.09

Year Vulnerabilities Average Score
2021 6 6.60
2020 11 6.69
2019 4 5.93
2018 8 6.95

It may take a day or so for new Openshift vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Openshift Security Vulnerabilities

It was found in OpenShift, before version 4.8

CVE-2021-3636 4.6 - Medium - July 30, 2021

It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service.

authentification

An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift

CVE-2020-35514 7 - High - June 02, 2021

An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0.

Incorrect Privilege Assignment

A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage

CVE-2020-1761 6.1 - Medium - May 27, 2021

A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versions before openshift/console-4.

Improperly Implemented Security Check for Standard

An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11

CVE-2019-19350 7.8 - High - March 24, 2021

An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Incorrect Privilege Assignment

An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4

CVE-2019-19349 7.8 - High - March 24, 2021

An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Incorrect Privilege Assignment

A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey

CVE-2019-10225 6.3 - Medium - March 19, 2021

A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to authenticate to the GlusterFS REST service, gaining access to read, and modify files.

Insufficiently Protected Credentials

A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x

CVE-2020-10715 4.3 - Medium - September 16, 2020

A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate.

Improper Input Validation

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can

CVE-2020-1759 6.8 - Medium - April 13, 2020

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.

Reusing a Nonce, Key Pair in Encryption

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb

CVE-2019-19346 7 - High - April 02, 2020

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Improper Privilege Management

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base

CVE-2019-19348 7 - High - April 02, 2020

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Improper Privilege Management

A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0

CVE-2020-1707 7 - High - March 20, 2020

A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Improper Privilege Management

A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0

CVE-2020-1709 7.8 - High - March 20, 2020

A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Improper Privilege Management

A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0

CVE-2019-19345 7.8 - High - March 20, 2020

A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Improper Privilege Management

An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk

CVE-2019-19355 7 - High - March 18, 2020

An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4.

Improper Privilege Management

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins

CVE-2019-19351 7 - High - March 18, 2020

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11.

Improper Privilege Management

During installation of an OpenShift 4 cluster

CVE-2019-19335 4.4 - Medium - March 18, 2020

During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned word-readable permissions. ose-installer as shipped in Openshift 4.2 is vulnerable.

Incorrect Permission Assignment for Critical Resource

Nokogiri before 1.5.4 is vulnerable to XXE attacks

CVE-2012-6685 7.5 - High - February 19, 2020

Nokogiri before 1.5.4 is vulnerable to XXE attacks

XEE

A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3

CVE-2019-14845 5.3 - Medium - October 08, 2019

A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content.

Download of Code Without Integrity Check

On version 1.9.0

CVE-2019-6648 4.4 - Medium - September 04, 2019

On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.

Insertion of Sensitive Information into Log File

A vulnerability exists in the garbage collection mechanism of atomic-openshift

CVE-2019-3884 5.4 - Medium - August 01, 2019

A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.

authentification

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access

CVE-2019-5736 8.6 - High - February 11, 2019

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

Shell injection

A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2

CVE-2018-14645 7.5 - High - September 21, 2018

A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.

Out-of-bounds Read

A flaw was found in ansible

CVE-2018-10875 7.8 - High - July 13, 2018

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

Untrusted Path

In atomic-openshift before version 3.10.9 a malicious network-policy configuration

CVE-2018-10885 7.5 - High - July 05, 2018

In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster.

Improper Input Validation

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions

CVE-2018-1257 6.5 - Medium - May 11, 2018

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.

Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389)

CVE-2017-2611 4.3 - Medium - May 08, 2018

Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.

AuthZ

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x

CVE-2018-1102 8.8 - High - April 30, 2018

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.

Directory traversal

The DPDK vhost-user interface does not check to verify

CVE-2018-1059 6.1 - Medium - April 24, 2018

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.

Information Disclosure

Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems

CVE-2018-1069 7.1 - High - March 09, 2018

Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem.

Incorrect Permission Assignment for Critical Resource

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3

CVE-2015-7501 9.8 - Critical - November 09, 2017

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Marshaling, Unmarshaling

Kubernetes in OpenShift3

CVE-2015-7561 3.1 - Low - August 07, 2017

Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.

Permissions, Privileges, and Access Controls

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Kubernetes or by Red Hat? Click the Watch button to subscribe.

Red Hat
Vendor

subscribe