Security restrictions bypass in OpenShift Container Platform 3.11



Published: 2021-06-10
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2021-30465
CWE-ID CWE-254
Exploitation vector Local network
Public exploit N/A
Vulnerable software
Subscribe 		Red Hat OpenShift Container Platform
Client/Desktop applications / Software for system administration

openshift-kuryr (Red Hat package)
Operating systems & Components / Operating system package or component

openshift-enterprise-cluster-capacity (Red Hat package)
Operating systems & Components / Operating system package or component

openshift-enterprise-autoheal (Red Hat package)
Operating systems & Components / Operating system package or component

openshift-ansible (Red Hat package)
Operating systems & Components / Operating system package or component

golang-github-prometheus-prometheus (Red Hat package)
Operating systems & Components / Operating system package or component

golang-github-prometheus-node_exporter (Red Hat package)
Operating systems & Components / Operating system package or component

golang-github-prometheus-alertmanager (Red Hat package)
Operating systems & Components / Operating system package or component

golang-github-openshift-oauth-proxy (Red Hat package)
Operating systems & Components / Operating system package or component

atomic-openshift-web-console (Red Hat package)
Operating systems & Components / Operating system package or component

atomic-openshift-service-idler (Red Hat package)
Operating systems & Components / Operating system package or component

atomic-openshift-node-problem-detector (Red Hat package)
Operating systems & Components / Operating system package or component

atomic-openshift-metrics-server (Red Hat package)
Operating systems & Components / Operating system package or component

atomic-openshift-dockerregistry (Red Hat package)
Operating systems & Components / Operating system package or component

atomic-openshift-descheduler (Red Hat package)
Operating systems & Components / Operating system package or component

atomic-openshift-cluster-autoscaler (Red Hat package)
Operating systems & Components / Operating system package or component

atomic-openshift (Red Hat package)
Operating systems & Components / Operating system package or component

atomic-enterprise-service-catalog (Red Hat package)
Operating systems & Components / Operating system package or component

runc (Red Hat package)
Operating systems & Components / Operating system package or component

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Security features bypass

EUVDB-ID: #VU53399

Risk: Low

CVSSv3.1: 6.6 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30465

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the security features bypass issue. A remote authenticated attacker on the local network can perform a symlink exchange attack and host filesystem being bind-mounted into the container.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 3.11.0 - 3.11.439

openshift-kuryr (Red Hat package): 3.11.153-1.git.1.073ef06.el7 - 3.11.420-1.git.1500.afe0076.el7

openshift-enterprise-cluster-capacity (Red Hat package): 3.11.16-1.git.380.1406f2f.el7 - 3.11.420-1.git.379.aa3bf1b.el7

openshift-enterprise-autoheal (Red Hat package): 3.11.16-1.git.219.5443970.el7 - 3.11.420-1.git.218.439a0dd.el7

openshift-ansible (Red Hat package): 3.11.16-1.git.0.4ac6f81.el7 - 3.11.420-1.git.0.336dcef.el7

golang-github-prometheus-prometheus (Red Hat package): 3.11.16-1.git.5020.5e81ed1.el7 - 3.11.420-1.git.5026.1e8cb9c.el7

golang-github-prometheus-node_exporter (Red Hat package): 3.11.16-1.git.1056.1583d2a.el7 - 3.11.420-1.git.1062.26157c1.el7

golang-github-prometheus-alertmanager (Red Hat package): 3.11.16-1.git.0.be735ec.el7 - 3.11.420-1.git.0.9300c91.el7

golang-github-openshift-oauth-proxy (Red Hat package): 3.11.16-1.git.409.922769e.el7 - 3.11.420-1.git.439.bfcc32b.el7

atomic-openshift-web-console (Red Hat package): 3.11.16-1.git.289.ecf7441.el7 - 3.11.420-1.git.693.897d713.el7

atomic-openshift-service-idler (Red Hat package): 3.11.16-1.git.14.a65cbf0.el7 - 3.11.420-1.git.15.021a26a.el7

atomic-openshift-node-problem-detector (Red Hat package): 3.11.16-1.git.198.95f4dfa.el7 - 3.11.420-1.git.616.0e0f24d.el7

atomic-openshift-metrics-server (Red Hat package): 3.11.16-1.git.52.9fd74a8.el7 - 3.11.420-1.git.53.4b2f788.el7

atomic-openshift-dockerregistry (Red Hat package): 3.11.51-1.git.446.d29ce0e.el7 - 3.11.420-1.git.481.b7f0e25.el7

atomic-openshift-descheduler (Red Hat package): 3.11.16-1.git.300.abfab3c.el7 - 3.11.420-1.git.299.1441464.el7

atomic-openshift-cluster-autoscaler (Red Hat package): 3.11.16-1.git.0.8c8305e.el7 - 3.11.420-1.git.0.5eb2514.el7

atomic-openshift (Red Hat package): 3.11.16-1.git.0.b48b8f8.el7 - 3.11.420-1.git.0.14645d0.el7

atomic-enterprise-service-catalog (Red Hat package): 3.11.16-1.git.1633.05087cb.el7 - 3.11.420-1.git.1675.fc6e217.el7

runc (Red Hat package): 1.0.0-1.rc2.el7 - 1.0.0-67.rc10.el7_8

External links

http://access.redhat.com/errata/RHSA-2021:2150


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###