Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU35005
Risk: Low
CVSSv3.1: 2.3 [CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-1002102
CWE-ID:
CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to gain access to sensitive information.
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.
MitigationInstall updates from vendor's website.
openshift-kuryr (Red Hat package): 3.11.153-1.git.1.073ef06.el7 - 3.11.248-1.git.1.f90c804.el7
openshift-enterprise-cluster-capacity (Red Hat package): 3.11.16-1.git.380.1406f2f.el7 - 3.11.248-1.git.1.37b107c.el7
openshift-enterprise-autoheal (Red Hat package): 3.11.16-1.git.219.5443970.el7 - 3.11.248-1.git.1.0020348.el7
openshift-ansible (Red Hat package): 3.11.16-1.git.0.4ac6f81.el7 - 3.11.248-1.git.0.fd212c7.el7
golang-github-prometheus-prometheus (Red Hat package): 3.11.16-1.git.5020.5e81ed1.el7 - 3.11.248-1.git.1.ad54f5b.el7
golang-github-prometheus-node_exporter (Red Hat package): 3.11.16-1.git.1056.1583d2a.el7 - 3.11.248-1.git.1.32f87fc.el7
golang-github-prometheus-alertmanager (Red Hat package): 3.11.16-1.git.0.be735ec.el7 - 3.11.248-1.git.1.66abd18.el7
golang-github-openshift-oauth-proxy (Red Hat package): 3.11.16-1.git.409.922769e.el7 - 3.11.248-1.git.1.9885abb.el7
atomic-openshift-service-idler (Red Hat package): 3.11.16-1.git.14.a65cbf0.el7 - 3.11.248-1.git.1.4c42a90.el7
atomic-openshift-node-problem-detector (Red Hat package): 3.11.16-1.git.198.95f4dfa.el7 - 3.11.248-1.git.1.628ff22.el7
atomic-openshift-metrics-server (Red Hat package): 3.11.16-1.git.52.9fd74a8.el7 - 3.11.248-1.git.1.b53e0e3.el7
atomic-openshift-dockerregistry (Red Hat package): 3.11.51-1.git.446.d29ce0e.el7 - 3.11.248-1.git.1.bb4a1fc.el7
atomic-openshift-descheduler (Red Hat package): 3.11.16-1.git.300.abfab3c.el7 - 3.11.248-1.git.1.108ef32.el7
atomic-openshift-cluster-autoscaler (Red Hat package): 3.11.16-1.git.0.8c8305e.el7 - 3.11.248-1.git.1.b5530f6.el7
atomic-enterprise-service-catalog (Red Hat package): 3.11.16-1.git.1633.05087cb.el7 - 3.11.248-1.git.1.9aad2ef.el7
atomic-openshift-web-console (Red Hat package): 3.11.16-1.git.289.ecf7441.el7 - 3.11.219-1.git.1.9b9b889.el7
atomic-openshift (Red Hat package): 3.11.16-1.git.0.b48b8f8.el7 - 3.11.219-1.git.0.0c21387.el7
Red Hat OpenShift Container Platform: before 3.11.343
External linkshttp://access.redhat.com/errata/RHSA-2020:5363
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU34130
Risk: Medium
CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2020-8559
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a remote privileged user to execute arbitrary code.
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
MitigationInstall updates from vendor's website.
openshift-kuryr (Red Hat package): 3.11.153-1.git.1.073ef06.el7 - 3.11.248-1.git.1.f90c804.el7
openshift-enterprise-cluster-capacity (Red Hat package): 3.11.16-1.git.380.1406f2f.el7 - 3.11.248-1.git.1.37b107c.el7
openshift-enterprise-autoheal (Red Hat package): 3.11.16-1.git.219.5443970.el7 - 3.11.248-1.git.1.0020348.el7
openshift-ansible (Red Hat package): 3.11.16-1.git.0.4ac6f81.el7 - 3.11.248-1.git.0.fd212c7.el7
golang-github-prometheus-prometheus (Red Hat package): 3.11.16-1.git.5020.5e81ed1.el7 - 3.11.248-1.git.1.ad54f5b.el7
golang-github-prometheus-node_exporter (Red Hat package): 3.11.16-1.git.1056.1583d2a.el7 - 3.11.248-1.git.1.32f87fc.el7
golang-github-prometheus-alertmanager (Red Hat package): 3.11.16-1.git.0.be735ec.el7 - 3.11.248-1.git.1.66abd18.el7
golang-github-openshift-oauth-proxy (Red Hat package): 3.11.16-1.git.409.922769e.el7 - 3.11.248-1.git.1.9885abb.el7
atomic-openshift-service-idler (Red Hat package): 3.11.16-1.git.14.a65cbf0.el7 - 3.11.248-1.git.1.4c42a90.el7
atomic-openshift-node-problem-detector (Red Hat package): 3.11.16-1.git.198.95f4dfa.el7 - 3.11.248-1.git.1.628ff22.el7
atomic-openshift-metrics-server (Red Hat package): 3.11.16-1.git.52.9fd74a8.el7 - 3.11.248-1.git.1.b53e0e3.el7
atomic-openshift-dockerregistry (Red Hat package): 3.11.51-1.git.446.d29ce0e.el7 - 3.11.248-1.git.1.bb4a1fc.el7
atomic-openshift-descheduler (Red Hat package): 3.11.16-1.git.300.abfab3c.el7 - 3.11.248-1.git.1.108ef32.el7
atomic-openshift-cluster-autoscaler (Red Hat package): 3.11.16-1.git.0.8c8305e.el7 - 3.11.248-1.git.1.b5530f6.el7
atomic-enterprise-service-catalog (Red Hat package): 3.11.16-1.git.1633.05087cb.el7 - 3.11.248-1.git.1.9aad2ef.el7
atomic-openshift-web-console (Red Hat package): 3.11.16-1.git.289.ecf7441.el7 - 3.11.219-1.git.1.9b9b889.el7
atomic-openshift (Red Hat package): 3.11.16-1.git.0.b48b8f8.el7 - 3.11.219-1.git.0.0c21387.el7
Red Hat OpenShift Container Platform: before 3.11.343
External linkshttp://access.redhat.com/errata/RHSA-2020:5363
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.