Red Hat Openshift
Recent Red Hat Openshift Security Advisories
Advisory | Title | Published |
---|---|---|
RHSA-2024:7594 | (RHSA-2024:7594) Important: OpenShift Container Platform 4.15.36 security update | October 9, 2024 |
RHSA-2024:7599 | (RHSA-2024:7599) Important: OpenShift Container Platform 4.16.16 bug fix and security update | October 9, 2024 |
RHSA-2024:7590 | (RHSA-2024:7590) Important: OpenShift Container Platform 4.12.67 bug fix and security update | October 9, 2024 |
RHSA-2024:7323 | (RHSA-2024:7323) Moderate: Logging for Red Hat OpenShift - 5.6.24 | October 7, 2024 |
RHSA-2024:7744 | (RHSA-2024:7744) Moderate: Red Hat OpenShift Data Foundation 4.13.12 security, enhancement & bug fix update | October 7, 2024 |
RHSA-2024:7726 | (RHSA-2024:7726) Important: Red Hat OpenShift Service Mesh Containers for 2.6.2 | October 7, 2024 |
RHSA-2024:7725 | (RHSA-2024:7725) Important: Red Hat OpenShift Service Mesh Containers for 2.5.5 | October 7, 2024 |
RHSA-2024:7724 | (RHSA-2024:7724) Important: Red Hat OpenShift Service Mesh Containers for 2.4.11 | October 7, 2024 |
RHSA-2024:7624 | (RHSA-2024:7624) Important: Red Hat OpenShift Data Foundation 4.14.11 security and bug fix update | October 3, 2024 |
RHSA-2024:7187 | (RHSA-2024:7187) Moderate: OpenShift Container Platform 4.14.38 security update | October 3, 2024 |
By the Year
In 2024 there have been 0 vulnerabilities in Red Hat Openshift. Last year Openshift had 3 security vulnerabilities published. Right now, Openshift is on track to have fewer security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 3 | 6.37 |
2022 | 13 | 6.46 |
2021 | 6 | 6.60 |
2020 | 12 | 6.95 |
2019 | 6 | 6.80 |
2018 | 12 | 6.68 |
It may take a day or so for new Openshift vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Openshift Security Vulnerabilities
The HTTP/2 protocol
CVE-2023-44487
7.5 - High
- October 10, 2023
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Resource Exhaustion
A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11
CVE-2023-0229
6.3 - Medium
- January 26, 2023
A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify.
The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component
CVE-2023-0296
5.3 - Medium
- January 17, 2023
The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grpc-proxy, hence this port might be considered as still vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), therefore the potential impact related to this vulnerability is minimal. The CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component.
Use of a Broken or Risky Cryptographic Algorithm
Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may
CVE-2022-3259
7.4 - High
- December 09, 2022
Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks.
Improper Initialization
The response header has not enabled X-FRAME-OPTIONS, which helps prevent clickjacking attacks
CVE-2022-3260
4.8 - Medium
- December 08, 2022
The response header has not enabled X-FRAME-OPTIONS, which helps prevent clickjacking attacks. Some browsers would interpret these results incorrectly, allowing clickjacking attacks.
Clickjacking
A flaw was found in Openshift
CVE-2022-3262
8.1 - High
- December 08, 2022
A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability.
Insecure Default Initialization of Resource
In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could
CVE-2013-4281
5.5 - Medium
- October 19, 2022
In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.
Incorrect Default Permissions
The deployment script in the unsupported "OpenShift Extras" set of add-on scripts
CVE-2013-4253
7.5 - High
- October 19, 2022
The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file.
Exposure of Resource to Wrong Sphere
An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift
CVE-2017-7517
3.5 - Low
- October 17, 2022
An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject", and then later deletes it, another user can then create a project called "MyProject" and access the metrics stored from the original "MyProject" instance.
Improper Input Validation
A credentials leak was found in the OpenShift Container Platform
CVE-2022-2403
6.5 - Medium
- September 01, 2022
A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate.
Exposure of Sensitive System Information to an Unauthorized Control Sphere
It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete
CVE-2021-4125
8.1 - High
- August 24, 2022
It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6.
Marshaling, Unmarshaling
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap
CVE-2021-3697
7 - High
- July 06, 2022
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. For an attack to succeed, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.
Memory Corruption
A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader
CVE-2021-3696
4.5 - Medium
- July 06, 2022
A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability impact may be considered Low as it is very complex for an attacker to control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.
Memory Corruption
A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area
CVE-2021-3695
4.5 - Medium
- July 06, 2022
A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited, as an attacker needs to perform some triage over the heap layout to achieve significant results; also, the values written into the memory are repeated three times in a row, making it difficult to produce valid payloads. This flaw affects grub2 versions prior to grub-2.12.
Memory Corruption
In an OpenShift node, there is a cron job to update mcollective facts that mishandles a temporary file
CVE-2013-4561
9.1 - Critical
- June 30, 2022
In an OpenShift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity.
Exposure of Resource to Wrong Sphere
The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing
CVE-2021-4047
7.5 - High
- April 11, 2022
The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9.
Improper Input Validation
It was found in OpenShift, before version 4.8
CVE-2021-3636
4.6 - Medium
- July 30, 2021
It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service.
Authentication
An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift
CVE-2020-35514
7 - High
- June 02, 2021
An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0.
Incorrect Privilege Assignment
A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage
CVE-2020-1761
6.1 - Medium
- May 27, 2021
A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versions before openshift/console-4.
An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4
CVE-2019-19349
7.8 - High
- March 24, 2021
An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Incorrect Privilege Assignment
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11
CVE-2019-19350
7.8 - High
- March 24, 2021
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Incorrect Privilege Assignment
A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RBAC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey
CVE-2019-10225
6.3 - Medium
- March 19, 2021
A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RBAC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey and use it to authenticate to the GlusterFS REST service, gaining access to read and modify files.
Insufficiently Protected Credentials
A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x
CVE-2020-10715
4.3 - Medium
- September 16, 2020
A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate.
Improper Input Validation
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where a nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can
CVE-2020-1759
6.8 - Medium
- April 13, 2020
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where a nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.
Reusing a Nonce, Key Pair in Encryption
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb
CVE-2019-19346
7 - High
- April 02, 2020
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following: 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Improper Privilege Management
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base
CVE-2019-19348
7 - High
- April 02, 2020
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following: 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Improper Privilege Management
A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0
CVE-2019-19345
7.8 - High
- March 20, 2020
A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Incorrect Privilege Assignment
A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0
CVE-2020-1709
7.8 - High
- March 20, 2020
A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Incorrect Permission Assignment for Critical Resource
A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0
CVE-2020-1707
7 - High
- March 20, 2020
A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Incorrect Permission Assignment for Critical Resource
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk
CVE-2019-19355
7 - High
- March 18, 2020
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4.
Incorrect Privilege Assignment
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins
CVE-2019-19351
7 - High
- March 18, 2020
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11.
Incorrect Privilege Assignment
During installation of an OpenShift 4 cluster
CVE-2019-19335
4.4 - Medium
- March 18, 2020
During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned world-readable permissions. ose-installer as shipped in Openshift 4.2 is vulnerable.
Incorrect Permission Assignment for Critical Resource
Nokogiri before 1.5.4 is vulnerable to XXE attacks
CVE-2012-6685
7.5 - High
- February 19, 2020
Nokogiri before 1.5.4 is vulnerable to XXE attacks
XXE
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which
CVE-2014-0234
9.8 - Critical
- February 12, 2020
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.
Insecure Default Initialization of Resource
mcollective has a default password set at install
CVE-2014-0175
9.8 - Critical
- December 13, 2019
mcollective has a default password set at install
Use of Hard-coded Credentials
cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp.
CVE-2013-0165
7.3 - High
- November 01, 2019
cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp.
Improper Input Validation
A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3
CVE-2019-14845
5.3 - Medium
- October 08, 2019
A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content.
Download of Code Without Integrity Check
On version 1.9.0
CVE-2019-6648
4.4 - Medium
- September 04, 2019
On version 1.9.0, if DEBUG logging is enabled, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.
Insertion of Sensitive Information into Log File
A vulnerability exists in the garbage collection mechanism of atomic-openshift
CVE-2019-3884
5.4 - Medium
- August 01, 2019
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able to spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.
Authentication Bypass by Spoofing
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access
CVE-2019-5736
8.6 - High
- February 11, 2019
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
Shell injection
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2
CVE-2018-14645
7.5 - High
- September 21, 2018
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.
Out-of-bounds Read
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields
CVE-2016-7075
8.1 - High
- September 10, 2018
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.
Improper Certificate Validation
An input validation flaw was found in the way OpenShift 3 handles requests for images
CVE-2016-8651
3.5 - Low
- August 01, 2018
An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.
Improper Input Validation
The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes
CVE-2016-8631
7.7 - High
- July 31, 2018
The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site.
Improper Input Validation
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example
CVE-2017-15137
5.3 - Medium
- July 16, 2018
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.
Improper Input Validation
A flaw was found in ansible
CVE-2018-10875
7.8 - High
- July 13, 2018
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
Untrusted Path
In atomic-openshift before version 3.10.9 a malicious network-policy configuration
CVE-2018-10885
7.5 - High
- July 05, 2018
In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster.
Improper Input Validation
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions
CVE-2018-1257
6.5 - Medium
- May 11, 2018
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service attack.
Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389)
CVE-2017-2611
4.3 - Medium
- May 08, 2018
Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.
AuthZ
A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x
CVE-2018-1102
8.8 - High
- April 30, 2018
A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.
Improper Input Validation
The DPDK vhost-user interface does not check to verify
CVE-2018-1059
6.1 - Medium
- April 24, 2018
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
Information Disclosure
Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems
CVE-2018-1069
7.1 - High
- March 09, 2018
Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem.
Incorrect Permission Assignment for Critical Resource
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3
CVE-2015-7501
9.8 - Critical
- November 09, 2017
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Marshaling, Unmarshaling
Kubernetes in OpenShift3
CVE-2015-7561
3.1 - Low
- August 07, 2017
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.
Permissions, Privileges, and Access Controls
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack
CVE-2017-1000376
7 - High
- June 19, 2017
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.
Buffer Overflow
The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment
CVE-2016-5392
6.5 - Medium
- August 05, 2016
The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list.
Information Disclosure
Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which
CVE-2016-2142
5.5 - Medium
- June 08, 2016
Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file.
Information Disclosure
Red Hat OpenShift Enterprise 3.2
CVE-2016-2149
6.5 - Medium
- June 08, 2016
Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace.
Information Disclosure
Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which
CVE-2016-3703
5.3 - Medium
- June 08, 2016
Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter.
Authorization
Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace
CVE-2016-3708
7.1 - High
- June 08, 2016
Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary.
Authorization
HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin
CVE-2016-3711
3.3 - Low
- June 08, 2016
HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.
Information Disclosure
Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which
CVE-2016-3738
8.8 - High
- June 08, 2016
Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.
Permissions, Privileges, and Access Controls
Jenkins before 2.3 and LTS before 1.651.2 might
CVE-2016-3721
6.5 - Medium
- May 17, 2016
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.
DEPRECATED: Code
Kubernetes before 1.2.0-alpha.5
CVE-2015-7528
5.3 - Medium
- April 11, 2016
Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.
Information Disclosure
Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0
CVE-2015-5305
- November 06, 2015
Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.
Directory traversal
rubygem-openshift-origin-console in Red Hat OpenShift 2.2
CVE-2015-5274
- September 18, 2015
rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker.
Command Injection
Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which
CVE-2015-5222
- August 24, 2015
Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors.
Permissions, Privileges, and Access Controls
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name
CVE-2014-0233
- November 16, 2014
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme.
Code Injection
Red Hat OpenShift Enterprise before 2.2
CVE-2014-3602
- November 13, 2014
Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.
Permissions, Privileges, and Access Controls
Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which
CVE-2014-3674
- November 13, 2014
Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors.
Permissions, Privileges, and Access Controls
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which
CVE-2014-3667
- October 16, 2014
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.
Information Disclosure
Jenkins before 1.583 and LTS before 1.565.3
CVE-2014-3661
- October 16, 2014
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake.
Resource Management Errors
Jenkins before 1.583 and LTS before 1.565.3
CVE-2014-3662
- October 16, 2014
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.
Information Disclosure
Jenkins before 1.583 and LTS before 1.565.3
CVE-2014-3663
- October 16, 2014
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors.
Permissions, Privileges, and Access Controls
Jenkins before 1.583 and LTS before 1.565.3
CVE-2014-3680
- October 16, 2014
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.
Information Disclosure
Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3
CVE-2014-3681
- October 15, 2014
Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
XSS
Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3
CVE-2014-3664
- October 15, 2014
Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.
Directory traversal
cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1
CVE-2014-3496
- June 20, 2014
cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.
Code Injection
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which
CVE-2014-0164
- May 05, 2014
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file.
Cryptographic Issues
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which
CVE-2014-0188
- April 24, 2014
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger.
Authentication
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby
CVE-2013-2119
- January 03, 2014
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.
Permissions, Privileges, and Access Controls
The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1
CVE-2013-0164
- February 24, 2013
The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
Permissions, Privileges, and Access Controls
node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3
CVE-2012-5646
- February 24, 2013
node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.
Improper Input Validation
Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5
CVE-2012-5622
- December 18, 2012
Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors.
Session Riding