Multiple vulnerabilities in OpenShift Container Platform 4.7



Published: 2021-12-01
Risk High
Patch available YES
Number of vulnerabilities 14
CVE-ID CVE-2021-21686
CVE-2021-21685
CVE-2021-21690
CVE-2021-21688
CVE-2021-21692
CVE-2021-21689
CVE-2021-21698
CVE-2021-21694
CVE-2021-21695
CVE-2021-21691
CVE-2021-21696
CVE-2021-21693
CVE-2021-21697
CVE-2021-21687
CWE-ID CWE-22
CWE-862
CWE-693
CWE-264
CWE-285
Exploitation vector Network
Public exploit N/A
Vulnerable software
jenkins (Red Hat package)
Operating systems & Components / Operating system package or component

openshift (Red Hat package)
Operating systems & Components / Operating system package or component

cri-o (Red Hat package)
Operating systems & Components / Operating system package or component

jenkins-2-plugins (Red Hat package)
Operating systems & Components / Operating system package or component

Red Hat OpenShift Container Platform
Client/Desktop applications / Software for system administration

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 14 vulnerabilities.

1) Path traversal

EUVDB-ID: #VU57979

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21686

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows an attacker who controls an agent process to access files outside the directories the controller permits.

The vulnerability exists because the file path filters that enforce agent-to-controller access control do not canonicalize paths, so a symbolic link placed inside an allowed directory can point outside it and still pass the filter. An attacker able to control an agent process can use such a link to read files on the Jenkins controller that the filter should deny.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): 2.303.3.1637595827-1.el8 - 2.303.3.1637596565-1.el8

Red Hat OpenShift Container Platform: 4.7.0 - 4.7.37

openshift (Red Hat package): 4.7.0-202103181538.p0.git.97109.7576cdc.el7 - 4.7.0-202109172126.p0.git.bbbc079.assembly.stream.el8

cri-o (Red Hat package): 1.20.2-3.rhaos4.7.gitfecc319.el7 - 1.20.4-8.rhaos4.7.git74c6592.el8

jenkins-2-plugins (Red Hat package): 4.7.1621361158-1.el8

External links

http://access.redhat.com/errata/RHSA-2021:4801


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited over the network by an attacker who controls a Jenkins agent process (for example, a compromised build agent) connected to the controller.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Missing Authorization

EUVDB-ID: #VU57978

Risk: High

CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21685

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows an attacker who controls an agent process to bypass the agent-to-controller access control.

The vulnerability exists because the affected application does not check agent-to-controller access when creating parent directories in FilePath#mkdirs. An attacker able to control an agent process can create directories on the Jenkins controller file system outside the locations the access control permits and, combined with the other agent-to-controller issues in this bulletin, read and write arbitrary files there.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): 2.303.3.1637595827-1.el8 - 2.303.3.1637596565-1.el8

Red Hat OpenShift Container Platform: 4.7.0 - 4.7.37

openshift (Red Hat package): 4.7.0-202103181538.p0.git.97109.7576cdc.el7 - 4.7.0-202109172126.p0.git.bbbc079.assembly.stream.el8

cri-o (Red Hat package): 1.20.2-3.rhaos4.7.gitfecc319.el7 - 1.20.4-8.rhaos4.7.git74c6592.el8

jenkins-2-plugins (Red Hat package): 4.7.1621361158-1.el8

External links

http://access.redhat.com/errata/RHSA-2021:4801


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited over the network by an attacker who controls a Jenkins agent process (for example, a compromised build agent) connected to the controller.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Protection Mechanism Failure

EUVDB-ID: #VU57983

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21690

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows an attacker who controls an agent process to bypass the controller's file path filtering.

The vulnerability exists because agent processes can completely bypass file path filtering by wrapping the file operation in an agent file path, so the operation is never inspected by the agent-to-controller access control. An attacker able to control an agent process can perform arbitrary file operations on the Jenkins controller and use them to compromise it.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): 2.303.3.1637595827-1.el8 - 2.303.3.1637596565-1.el8

Red Hat OpenShift Container Platform: 4.7.0 - 4.7.37

openshift (Red Hat package): 4.7.0-202103181538.p0.git.97109.7576cdc.el7 - 4.7.0-202109172126.p0.git.bbbc079.assembly.stream.el8

cri-o (Red Hat package): 1.20.2-3.rhaos4.7.gitfecc319.el7 - 1.20.4-8.rhaos4.7.git74c6592.el8

jenkins-2-plugins (Red Hat package): 4.7.1621361158-1.el8

External links

http://access.redhat.com/errata/RHSA-2021:4801


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited over the network by an attacker who controls a Jenkins agent process (for example, a compromised build agent) connected to the controller.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Missing Authorization

EUVDB-ID: #VU57981

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21688

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows an attacker who controls an agent process to bypass the agent-to-controller access control.

The vulnerability exists because FilePath#reading(FileVisitor) does not reject any operations, so read operations routed through it are never subjected to access checks. An attacker able to control an agent process can use these operations to obtain unrestricted read access to files on the Jenkins controller.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): 2.303.3.1637595827-1.el8 - 2.303.3.1637596565-1.el8

Red Hat OpenShift Container Platform: 4.7.0 - 4.7.37

openshift (Red Hat package): 4.7.0-202103181538.p0.git.97109.7576cdc.el7 - 4.7.0-202109172126.p0.git.bbbc079.assembly.stream.el8

cri-o (Red Hat package): 1.20.2-3.rhaos4.7.gitfecc319.el7 - 1.20.4-8.rhaos4.7.git74c6592.el8

jenkins-2-plugins (Red Hat package): 4.7.1621361158-1.el8

External links

http://access.redhat.com/errata/RHSA-2021:4801


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited over the network by an attacker who controls a Jenkins agent process (for example, a compromised build agent) connected to the controller.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Missing Authorization

EUVDB-ID: #VU57985

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21692

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows an attacker who controls an agent process to bypass the agent-to-controller access control.

The vulnerability exists because FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path and do not check write permission on either the source or the destination. An attacker able to control an agent process can move files on the Jenkins controller into locations it is not permitted to write, and use this to compromise the controller.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): 2.303.3.1637595827-1.el8 - 2.303.3.1637596565-1.el8

Red Hat OpenShift Container Platform: 4.7.0 - 4.7.37

openshift (Red Hat package): 4.7.0-202103181538.p0.git.97109.7576cdc.el7 - 4.7.0-202109172126.p0.git.bbbc079.assembly.stream.el8

cri-o (Red Hat package): 1.20.2-3.rhaos4.7.gitfecc319.el7 - 1.20.4-8.rhaos4.7.git74c6592.el8

jenkins-2-plugins (Red Hat package): 4.7.1621361158-1.el8

External links

http://access.redhat.com/errata/RHSA-2021:4801


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited over the network by an attacker who controls a Jenkins agent process (for example, a compromised build agent) connected to the controller.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Missing Authorization

EUVDB-ID: #VU57982

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21689

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows an attacker who controls an agent process to bypass the agent-to-controller access control.

The vulnerability exists because FilePath#unzip and FilePath#untar are not subject to any access control. An attacker able to control an agent process can have the controller extract an attacker-supplied archive into locations of the attacker's choosing and thereby read and write arbitrary files on the Jenkins controller.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): 2.303.3.1637595827-1.el8 - 2.303.3.1637596565-1.el8

Red Hat OpenShift Container Platform: 4.7.0 - 4.7.37

openshift (Red Hat package): 4.7.0-202103181538.p0.git.97109.7576cdc.el7 - 4.7.0-202109172126.p0.git.bbbc079.assembly.stream.el8

cri-o (Red Hat package): 1.20.2-3.rhaos4.7.gitfecc319.el7 - 1.20.4-8.rhaos4.7.git74c6592.el8

jenkins-2-plugins (Red Hat package): 4.7.1621361158-1.el8

External links

http://access.redhat.com/errata/RHSA-2021:4801


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited over the network by an attacker who controls a Jenkins agent process (for example, a compromised build agent) connected to the controller.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Path traversal

EUVDB-ID: #VU57991

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21698

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows an attacker who controls an agent process to read arbitrary files on the Jenkins controller.

The vulnerability exists because the Subversion plugin does not restrict the name of the file it looks up on the controller when an agent requests a Subversion key file, so the name can contain directory traversal sequences. An attacker able to control an agent process can request a crafted file name and read arbitrary files on the Jenkins controller.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): 2.303.3.1637595827-1.el8 - 2.303.3.1637596565-1.el8

Red Hat OpenShift Container Platform: 4.7.0 - 4.7.37

openshift (Red Hat package): 4.7.0-202103181538.p0.git.97109.7576cdc.el7 - 4.7.0-202109172126.p0.git.bbbc079.assembly.stream.el8

cri-o (Red Hat package): 1.20.2-3.rhaos4.7.gitfecc319.el7 - 1.20.4-8.rhaos4.7.git74c6592.el8

jenkins-2-plugins (Red Hat package): 4.7.1621361158-1.el8

External links

http://access.redhat.com/errata/RHSA-2021:4801


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited over the network by an attacker who controls a Jenkins agent process (for example, a compromised build agent) connected to the controller.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU57987

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21694

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows an attacker who controls an agent process to bypass the agent-to-controller access control.

The vulnerability exists because the application does not apply agent-to-controller access checks to FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant and FilePath#get*DiskSpace. An attacker able to control an agent process can invoke these operations on paths it should not be able to access and obtain information about the Jenkins controller file system, bypassing the intended security restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): 2.303.3.1637595827-1.el8 - 2.303.3.1637596565-1.el8

Red Hat OpenShift Container Platform: 4.7.0 - 4.7.37

openshift (Red Hat package): 4.7.0-202103181538.p0.git.97109.7576cdc.el7 - 4.7.0-202109172126.p0.git.bbbc079.assembly.stream.el8

cri-o (Red Hat package): 1.20.2-3.rhaos4.7.gitfecc319.el7 - 1.20.4-8.rhaos4.7.git74c6592.el8

jenkins-2-plugins (Red Hat package): 4.7.1621361158-1.el8

External links

http://access.redhat.com/errata/RHSA-2021:4801


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited over the network by an attacker who controls a Jenkins agent process (for example, a compromised build agent) connected to the controller.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Missing Authorization

EUVDB-ID: #VU57988

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21695

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows an attacker who controls an agent process to bypass the agent-to-controller access control.

The vulnerability exists because FilePath#listFiles follows symbolic links while listing, so it lists files outside the directories the agent has read access to. An attacker able to control an agent process can plant a symbolic link in an allowed directory and enumerate files elsewhere on the Jenkins controller.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): 2.303.3.1637595827-1.el8 - 2.303.3.1637596565-1.el8

Red Hat OpenShift Container Platform: 4.7.0 - 4.7.37

openshift (Red Hat package): 4.7.0-202103181538.p0.git.97109.7576cdc.el7 - 4.7.0-202109172126.p0.git.bbbc079.assembly.stream.el8

cri-o (Red Hat package): 1.20.2-3.rhaos4.7.gitfecc319.el7 - 1.20.4-8.rhaos4.7.git74c6592.el8

jenkins-2-plugins (Red Hat package): 4.7.1621361158-1.el8

External links

http://access.redhat.com/errata/RHSA-2021:4801


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited over the network by an attacker who controls a Jenkins agent process (for example, a compromised build agent) connected to the controller.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Missing Authorization

EUVDB-ID: #VU57984

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21691

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows an attacker who controls an agent process to bypass the agent-to-controller access control.

The vulnerability exists because symbolic links can be created without the symlink permission that the access control is supposed to require. An attacker able to control an agent process can create symbolic links on the Jenkins controller and, combined with operations that follow them, reach files outside the allowed directories.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): 2.303.3.1637595827-1.el8 - 2.303.3.1637596565-1.el8

Red Hat OpenShift Container Platform: 4.7.0 - 4.7.37

openshift (Red Hat package): 4.7.0-202103181538.p0.git.97109.7576cdc.el7 - 4.7.0-202109172126.p0.git.bbbc079.assembly.stream.el8

cri-o (Red Hat package): 1.20.2-3.rhaos4.7.gitfecc319.el7 - 1.20.4-8.rhaos4.7.git74c6592.el8

jenkins-2-plugins (Red Hat package): 4.7.1621361158-1.el8

External links

http://access.redhat.com/errata/RHSA-2021:4801


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited over the network by an attacker who controls a Jenkins agent process (for example, a compromised build agent) connected to the controller.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Protection Mechanism Failure

EUVDB-ID: #VU57989

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21696

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows an attacker who controls an agent process to execute arbitrary code on the Jenkins controller.

The vulnerability exists because the affected application does not restrict agent read/write access to the libs/ directory inside build directories when the FilePath APIs are used. An attacker able to control an agent process can replace the code of a trusted library with a modified variant; the modified code is then executed in the Pipeline build without sandbox restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): 2.303.3.1637595827-1.el8 - 2.303.3.1637596565-1.el8

Red Hat OpenShift Container Platform: 4.7.0 - 4.7.37

openshift (Red Hat package): 4.7.0-202103181538.p0.git.97109.7576cdc.el7 - 4.7.0-202109172126.p0.git.bbbc079.assembly.stream.el8

cri-o (Red Hat package): 1.20.2-3.rhaos4.7.gitfecc319.el7 - 1.20.4-8.rhaos4.7.git74c6592.el8

jenkins-2-plugins (Red Hat package): 4.7.1621361158-1.el8

External links

http://access.redhat.com/errata/RHSA-2021:4801


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited over the network by an attacker who controls a Jenkins agent process (for example, a compromised build agent) connected to the controller.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper Authorization

EUVDB-ID: #VU57986

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21693

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows an attacker who controls an agent process to bypass the agent-to-controller access control.

The vulnerability exists because, when temporary files are created, permission to create files is only checked after they have already been created. An attacker able to control an agent process can create files on the Jenkins controller in locations the access control should deny, and use this to compromise the controller.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): 2.303.3.1637595827-1.el8 - 2.303.3.1637596565-1.el8

Red Hat OpenShift Container Platform: 4.7.0 - 4.7.37

openshift (Red Hat package): 4.7.0-202103181538.p0.git.97109.7576cdc.el7 - 4.7.0-202109172126.p0.git.bbbc079.assembly.stream.el8

cri-o (Red Hat package): 1.20.2-3.rhaos4.7.gitfecc319.el7 - 1.20.4-8.rhaos4.7.git74c6592.el8

jenkins-2-plugins (Red Hat package): 4.7.1621361158-1.el8

External links

http://access.redhat.com/errata/RHSA-2021:4801


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited over the network by an attacker who controls a Jenkins agent process (for example, a compromised build agent) connected to the controller.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Missing Authorization

EUVDB-ID: #VU57990

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21697

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows an attacker who controls an agent process to bypass the agent-to-controller access control.

The vulnerability exists because the affected application allows any agent to read and write the contents of any build directory stored on the Jenkins controller, with very few restrictions. An attacker able to control an agent process can read and modify the build records and artifacts of other jobs and use this to compromise the controller.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): 2.303.3.1637595827-1.el8 - 2.303.3.1637596565-1.el8

Red Hat OpenShift Container Platform: 4.7.0 - 4.7.37

openshift (Red Hat package): 4.7.0-202103181538.p0.git.97109.7576cdc.el7 - 4.7.0-202109172126.p0.git.bbbc079.assembly.stream.el8

cri-o (Red Hat package): 1.20.2-3.rhaos4.7.gitfecc319.el7 - 1.20.4-8.rhaos4.7.git74c6592.el8

jenkins-2-plugins (Red Hat package): 4.7.1621361158-1.el8

External links

http://access.redhat.com/errata/RHSA-2021:4801


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited over the network by an attacker who controls a Jenkins agent process (for example, a compromised build agent) connected to the controller.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Missing Authorization

EUVDB-ID: #VU57980

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21687

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows an attacker who controls an agent process to bypass the agent-to-controller access control.

The vulnerability exists because the affected application does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar. An attacker able to control an agent process can supply an archive containing symbolic links, have the controller create them in the extraction directory, and then use them to reach files outside the allowed directories.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jenkins (Red Hat package): 2.303.3.1637595827-1.el8 - 2.303.3.1637596565-1.el8

Red Hat OpenShift Container Platform: 4.7.0 - 4.7.37

openshift (Red Hat package): 4.7.0-202103181538.p0.git.97109.7576cdc.el7 - 4.7.0-202109172126.p0.git.bbbc079.assembly.stream.el8

cri-o (Red Hat package): 1.20.2-3.rhaos4.7.gitfecc319.el7 - 1.20.4-8.rhaos4.7.git74c6592.el8

jenkins-2-plugins (Red Hat package): 4.7.1621361158-1.el8

External links

http://access.redhat.com/errata/RHSA-2021:4801


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited over the network by an attacker who controls a Jenkins agent process (for example, a compromised build agent) connected to the controller.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
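The following is an added example, not code from Jenkins, Red Hat or this bulletin. It shows in Python the two failure patterns that run through entries 1, 6, 9 and 14 above: a path filter that compares raw paths without canonicalizing them (so an agent-planted symbolic link inside an allowed directory reaches outside it), beside a hardened filter that resolves symbolic links first and also keeps a reserved subdirectory (here libs, standing in for the build libs/ directory of entry 11) off-limits; and an archive extractor that, unlike an unrestricted untar, refuses link members and traversal sequences before writing anything. The directory names, the constructed tar archives and the sample secret file are all assumptions built inline for the demonstration.

```python
"""Added example (not Jenkins or Red Hat code): canonicalizing path filter and
symlink-aware tar extraction. All paths, archive contents and the sample
secret below are constructed for the demonstration."""
import io
import os
import tarfile
import tempfile


def naive_is_allowed(path, allowed_root):
    """Vulnerable pattern: a string-prefix check on the un-canonicalized path.
    A symbolic link inside allowed_root that points elsewhere passes this."""
    root = os.path.abspath(allowed_root)
    return os.path.abspath(path).startswith(root + os.sep)


def hardened_is_allowed(path, allowed_root, denied_subdirs=("libs",)):
    """Resolve symbolic links on both sides before comparing, then deny
    reserved top-level subdirectories (stand-in for a build's libs/ dir)."""
    root = os.path.realpath(allowed_root)
    real = os.path.realpath(path)
    try:
        if os.path.commonpath([root, real]) != root:
            return False
    except ValueError:  # different drives on Windows: cannot be inside root
        return False
    first = os.path.relpath(real, root).split(os.sep, 1)[0]
    return first not in denied_subdirs


def safe_extract(tar_bytes, dest):
    """Extract only regular files and directories whose resolved destination
    stays under dest. Link members and '..' traversal are rejected outright,
    so an archive cannot plant a symlink and then write through it."""
    dest_real = os.path.realpath(dest)
    extracted = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        for member in tf.getmembers():
            if member.issym() or member.islnk():
                raise ValueError("refusing link member: %s" % member.name)
            if not (member.isfile() or member.isdir()):
                raise ValueError("refusing special member: %s" % member.name)
            target = os.path.realpath(os.path.join(dest_real, member.name))
            if os.path.commonpath([dest_real, target]) != dest_real:
                raise ValueError("refusing traversal member: %s" % member.name)
            tf.extract(member, dest_real)
            extracted.append(member.name)
    return extracted


def build_tar(entries):
    """Build a tar archive in memory from (name, kind, payload) tuples, where
    kind is 'file' (payload = content bytes) or 'symlink' (payload = target)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, kind, payload in entries:
            info = tarfile.TarInfo(name)
            if kind == "file":
                info.size = len(payload)
                tf.addfile(info, io.BytesIO(payload))
            else:
                info.type = tarfile.SYMTYPE
                info.linkname = payload
                tf.addfile(info)
    return buf.getvalue()


def demo():
    """Set up a workspace containing an agent-planted symlink to a directory
    outside it, then exercise both filters and the extractor. Returns a dict
    of outcomes rather than printing them."""
    base = tempfile.mkdtemp(prefix="agent-fs-demo-")
    workspace = os.path.join(base, "workspace")
    secrets = os.path.join(base, "controller-secrets")  # constructed stand-in
    os.makedirs(workspace)
    os.makedirs(secrets)
    with open(os.path.join(secrets, "master.key"), "w") as f:
        f.write("constructed sample secret\n")
    os.symlink(secrets, os.path.join(workspace, "escape"))  # agent-planted link
    via_link = os.path.join(workspace, "escape", "master.key")

    results = {
        "naive_allows_symlink_escape": naive_is_allowed(via_link, workspace),
        "hardened_blocks_symlink_escape": not hardened_is_allowed(via_link, workspace),
        "hardened_blocks_libs": not hardened_is_allowed(
            os.path.join(workspace, "libs", "vars", "x.groovy"), workspace),
        "hardened_allows_normal": hardened_is_allowed(
            os.path.join(workspace, "src", "a.c"), workspace),
    }
    # Archive that plants a symlink, then writes a file through it.
    evil = build_tar([("out", "symlink", secrets),
                      ("out/master.key", "file", b"overwritten\n")])
    try:
        safe_extract(evil, workspace)
        results["evil_archive_rejected"] = False
    except ValueError:
        results["evil_archive_rejected"] = True
    with open(os.path.join(secrets, "master.key")) as f:
        results["secret_intact"] = f.read().startswith("constructed")
    benign = build_tar([("build/report.txt", "file", b"ok\n")])
    results["benign_extracted"] = safe_extract(benign, workspace) == ["build/report.txt"]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-32s %s" % (key, value))
```

The naive filter passes the symlinked path because both strings share the workspace prefix; the hardened filter resolves the link to the secrets directory first and rejects it, and the extractor refuses the archive at the link member before any file is written, which is the check an unrestricted untar lacks.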
