Multiple vulnerabilities in OpenShift Container Platform



Published: 2019-12-17 | Updated: 2019-12-17
Risk High
Patch available YES
Number of vulnerabilities 7
CVE-ID CVE-2019-10432
CVE-2019-10431
CVE-2019-11255
CVE-2017-18367
CVE-2019-11250
CVE-2019-14854
CVE-2019-10213
CWE-ID CWE-79
CWE-264
CWE-20
CWE-256
CWE-312
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Red Hat OpenShift Container Platform
Client/Desktop applications / Software for system administration

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Stored cross-site scripting

EUVDB-ID: #VU21523

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-10432

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to the affected plugin does not escape the project or build display name shown in the frame HTML page. A remote authenticated attacker who is able to control the project or build display name, typically users with Job/Configure or Build/Update permission can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.1.0 - 4.1.26


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2019:4089

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU21522

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-10431

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to the sandbox protection in the affected plugin can be circumvented through default parameter expressions in constructors. A remote authenticated attacker can specify and run sandboxed scripts to execute arbitrary code in the context of the Jenkins master JVM.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.1.0 - 4.1.26


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2019:4089

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Input validation error

EUVDB-ID: #VU23548

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-11255

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Kubernetes CSI sidecar containers for external-provisioner (versions prior to 0.4.3 and 1.0.2, in version 1.1,  and versions prior to 1.2.2 and 1.3.1), external-snapshotter (versions prior to 0.4.2 and 1.0.2, in version 1.1, versions prior to 1.2.2), and external-resizer (versions 0.1,  and 0.2) . A local user can gain unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.1.0 - 4.1.26


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2019:4225

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Input validation error

EUVDB-ID: #VU23633

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-18367

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input in libseccomp-golang. The software incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.1.0 - 4.1.26


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2019:4087
http://access.redhat.com/errata/RHSA-2019:4090

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Unprotected storage of credentials

EUVDB-ID: #VU23636

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-11250

CWE-ID: CWE-256 - Unprotected Storage of Credentials

Exploit availability: No

Description

The vulnerability allows a local user to gain access to other users' credentials.

The vulnerability exists due Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected. A local user can view contents of the configuration file and gain access to passwords for 3rd party integration.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.1.0 - 4.1.26


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2019:4087

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Cleartext storage of sensitive information

EUVDB-ID: #VU23389

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-14854

CWE-ID: CWE-312 - Cleartext Storage of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to library-go component did not sanitize secret data written to static Pod logs when an Operator's log level was set to Debug or higher. A local user can read Pod logs if the log level had already been modified in an Operator by a privileged user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.1.0 - 4.1.26


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2019:4091

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Cleartext storage of sensitive information

EUVDB-ID: #VU23399

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-10213

CWE-ID: CWE-312 - Cleartext Storage of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to OpenShift Container Platform writes secrets in clear text into pod logs when the log level in a given operator is set to Debug or higher. A local user can read the log files and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.1.0 - 4.1.26


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2019:4088

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###