Main Vulnerability Database SB2021102117

SB2021102117 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.9

Published: October 21, 2021 Updated: June 2, 2022

Security Bulletin ID SB2021102117

Severity

High

Patch available

YES

Number of vulnerabilities 4

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Insufficient Session Expiration (CVE-ID: CVE-2021-34428)

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to insufficient session expiration issue. If an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated.

2) Resource exhaustion (CVE-ID: CVE-2021-33196)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when parsing archives. A remote attacker can pass a specially crafted .zip file to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.

3) Input validation error (CVE-ID: CVE-2021-28169)

The vulnerability allows a remote attacker to gain access to sensitive information..

The vulnerability exists due to a double decoding issue when parsing URI with certain characters. A remote attacker can send requests to the ConcatServlet and WelcomeFilter and view contents of protected resources within the WEB-INF directory.

Example:

/concat?/%2557EB-INF/web.xml

4) Use-after-free (CVE-ID: CVE-2021-36980)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. A remote attacker can send a specially crafted request to the system, trigger a use-after-free error and execute arbitrary code.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2021:3758

Vulnerable Software

openshift (Red Hat package): 4.1.10-201908060758.git.0.d81afa6.el8 - 4.8.0-202109180335.p0.git.a620f50.assembly.stream.el8
cri-o (Red Hat package): 1.13.11-0.7.dev.rhaos4.1.git9cb8f2f.el8 - 1.21.2-13.rhaos4.8.git52b3f98.el8
jenkins (Red Hat package): 2.289.1.1624020353-1.el8 - 2.289.2.1629437819-1.el8
openshift-kuryr (Red Hat package): 4.3.1-202002031701.git.1.cfa4a05.el8 - 4.8.0-202106281541.p0.git.8a4c2d8.assembly.stream.el8
openshift-clients (Red Hat package): 4.2.32-202005020632.git.1.1b0fab9.el8 - 4.8.0-202109201328.p0.git.88e7eba.assembly.stream.el8
jenkins-2-plugins (Red Hat package): 4.6.1609853716-1.el8 - 4.8.1624022417-1.el8
atomic-openshift-service-idler (Red Hat package): 4.6.0-202012171504.p0.git.15.f4535bc.el8 - 4.8.0-202106281541.p0.git.39cfc66.assembly.stream.el8
python-sushy (Red Hat package): 3.5.0-2.20201005161238.74b8111.el8 - 3.7.3-0.20210804111215.b76050c.el8
cri-tools (Red Hat package): 1.13.0-3.rhaos4.1.gitb69a0b9.el8 - 1.21.0-3.el8
ignition (Red Hat package): 0.32.0-2.git5941fc0.el8 - 2.9.0-6.rhaos4.8.el8
toolbox (Red Hat package): 0.0.8-3.rhaos4.8.el8
rust-afterburn (Red Hat package): 5.0.0-1.rhaos4.8.el8
runc (Red Hat package): 1.0.0-61.rc8.rhaos4.2.git3cbe540.el8 - 1.0.0-98.rhaos4.8.gitcd80260.el8
python-sushy-oem-idrac (Red Hat package): 2.0.1-0.20210326152858.83b7eb0.el8
python-ironic-prometheus-exporter (Red Hat package): 2.2.1-0.20210325143713.70e39c8.el8
python-ironic-lib (Red Hat package): 4.4.1-0.20210129211219.7ac01e1.el8 - 4.6.2-0.20210608101214.ca2e4ba.el8
python-hardware (Red Hat package): 0.27.0-0.20210406121246.756fedb.el8
python-eventlet (Red Hat package): 0.24.1-4.el8 - 0.25.2-4.el8
openvswitch2.15 (Red Hat package): 2.15.0-9.el8fdp
openstack-ironic-inspector (Red Hat package): 10.6.1-0.20210406091336.579f59c.el8
kata-containers (Red Hat package): 2.1.0-4.el8
ironic-images (Red Hat package): 2021.1-20210614.1.el8
haproxy (Red Hat package): 2.2.13-1.el8
coreos-installer (Red Hat package): 0.9.0-6.rhaos4.8.el8
console-login-helper-messages (Red Hat package): 0.20.3-1.rhaos4.6.el8 - 0.20.3-1.rhaos4.8.el8
butane (Red Hat package): 0.12.1-1.rhaos4.8.el8
Red Hat OpenShift Container Platform: before 4.9.0
rust-bootupd (Red Hat package): before 0.2.5-3.rhaos4.9.el8
redhat-release-coreos (Red Hat package): before 49.84-2.el8
python-wcwidth (Red Hat package): before 0.1.7-14.el8ost
python-scciclient (Red Hat package): before 0.9.1-0.20210720102209.34ccd96.el8
python-pyperclip (Red Hat package): before 1.6.4-6.el8ost
python-pycdlib (Red Hat package): before 1.11.0-3.el8
python-osc-lib (Red Hat package): before 2.3.1-0.20210318171847.2b7a679.el8
python-ironicclient (Red Hat package): before 4.7.1-0.20210611202214.3d146fb.el8
python-dracclient (Red Hat package): before 5.1.1-0.20210318155434.98c7ea3.el8
python-cmd2 (Red Hat package): before 1.4.0-1.1.el8
python-cliff (Red Hat package): before 3.7.0-0.20210318182629.117a100.el8
ovn21.09 (Red Hat package): before 21.09.0-20.el8fdp
openvswitch2.16 (Red Hat package): before 2.16.0-15.el8fdp
openstack-ironic-python-agent (Red Hat package): before 8.1.1-0.20210722155129.7f3de67.el8
openstack-ironic (Red Hat package): before 18.1.1-0.20210812092216.4aec741.el8