SB2022041369 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.7 packages
Published: April 13, 2022
Description
This security bulletin contains information about 12 security vulnerabilities.
1) UNIX symbolic link following (CVE-ID: CVE-2022-25179)
The vulnerability allows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists because the affected plugin follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step. A remote user with permission to configure Pipelines can read arbitrary files on the Jenkins controller file system.
2) Code Injection (CVE-ID: CVE-2022-25182)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists because the affected plugin uses the names of Pipeline libraries to create directories without canonicalization or sanitization. A remote user can use specially crafted library names and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) OS Command Injection (CVE-ID: CVE-2022-25174)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists because the affected plugin uses the same checkout directories for distinct SCMs for Pipeline libraries. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
4) Code Injection (CVE-ID: CVE-2022-25183)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists because the affected plugin uses the names of Pipeline libraries to create cache directories without any sanitization. A remote user can use specially crafted library names and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
5) UNIX symbolic link following (CVE-ID: CVE-2022-25176)
The vulnerability allows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists because the affected plugin follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines. A remote user can create a specially crafted symbolic link to a critical file on the system and gain access to sensitive information.
6) Information disclosure (CVE-ID: CVE-2022-25180)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because the affected plugin includes password parameters from the original build in replayed builds. A remote user can gain unauthorized access to sensitive information on the system.
7) UNIX symbolic link following (CVE-ID: CVE-2022-25177)
The vulnerability allows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists because the affected plugin follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step. A remote user can create a specially crafted symbolic link to a critical file on the system and read arbitrary files on the Jenkins controller file system.
8) UNIX symbolic link following (CVE-ID: CVE-2022-25178)
The vulnerability allows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists because the affected plugin does not restrict the names of resources passed to the "libraryResource" step. A remote user can create a specially crafted symbolic link to a critical file on the system and read arbitrary files on the Jenkins controller file system.
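The symbolic-link and resource-name issues in entries 1, 5, 7 and 8 share one root cause: a file is read without checking where its path finally resolves. The following is an added example, not code from this bulletin or from the affected plugins; it shows a containment check in Python, and `read_within`, `EscapesRoot` and the sample file names are hypothetical and constructed.

```python
import os
import tempfile


class EscapesRoot(Exception):
    """Raised when a requested path resolves outside the allowed root."""


def read_within(root, relative_name):
    """Read a file only if its fully resolved path stays under root."""
    root_real = os.path.realpath(root)
    # realpath follows every symlink and collapses '..' components.
    candidate = os.path.realpath(os.path.join(root_real, relative_name))
    # commonpath compares whole path components, so /co-evil is not
    # mistaken for a child of /co.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise EscapesRoot(relative_name)
    with open(candidate, "r", encoding="utf-8") as fh:
        return fh.read()


def demo():
    """Constructed sample: a checkout holding one regular file and one
    symlink pointing outside it, plus a traversal-style resource name."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        checkout = os.path.join(base, "checkout")
        os.mkdir(checkout)
        outside = os.path.join(base, "controller-secret.txt")
        with open(outside, "w", encoding="utf-8") as fh:
            fh.write("constructed secret")
        with open(os.path.join(checkout, "Jenkinsfile"), "w", encoding="utf-8") as fh:
            fh.write("pipeline {}")
        os.symlink(outside, os.path.join(checkout, "notes.txt"))
        for name in ("Jenkinsfile", "notes.txt", "../controller-secret.txt"):
            try:
                read_within(checkout, name)
                results[name] = "read"
            except EscapesRoot:
                results[name] = "blocked"
    return results


if __name__ == "__main__":
    print(demo())
```

The check and the open are separate steps, so code that runs while another party can modify the directory also has to account for a link being swapped in between the two.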
9) Code Injection (CVE-ID: CVE-2022-25181)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists because the affected plugin uses the same workspace directory for all checkouts of Pipeline libraries with the same name regardless of the SCM being used and the source of the library configuration. A remote user can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
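Entries 2 and 4 describe directories created from unsanitized library names, and entries 3 and 9 describe one directory being shared by checkouts from different SCMs. The following is an added example, not code from this bulletin and not the vendor's fix: one way to avoid both is to derive the directory name from a hash of the SCM identity and the library name. `checkout_dir`, `naive_dir`, the base path and the sample names are hypothetical and constructed.

```python
import hashlib
import os


def checkout_dir(base, scm_kind, scm_source, library_name):
    """Return a checkout directory unique to (SCM kind, source, name).

    The untrusted values are only hashed, never used as path components,
    so separators, '..' or absolute paths in a name cannot steer where
    the directory is created.
    """
    h = hashlib.sha256()
    for field in (scm_kind, scm_source, library_name):
        data = field.encode("utf-8")
        # Length-prefix each field so ("ab", "c") and ("a", "bc") differ.
        h.update(len(data).to_bytes(4, "big"))
        h.update(data)
    return os.path.join(base, h.hexdigest())


def naive_dir(base, library_name):
    """The pattern the bulletin describes: the name used directly."""
    return os.path.normpath(os.path.join(base, library_name))


def demo():
    base = "/var/lib/example/libs"  # hypothetical base directory
    names = ["shared-lib", "../../outside", "/tmp/elsewhere"]  # constructed
    rows = []
    for name in names:
        naive_inside = naive_dir(base, name).startswith(base + os.sep)
        keyed = checkout_dir(base, "git", "https://scm.example/a.git", name)
        keyed_inside = os.path.dirname(keyed) == base
        rows.append((name, naive_inside, keyed_inside))
    # Same library name from two different sources must not share a directory.
    separated = (
        checkout_dir(base, "git", "https://scm.example/a.git", "shared-lib")
        != checkout_dir(base, "git", "https://scm.example/b.git", "shared-lib")
    )
    return rows, separated


if __name__ == "__main__":
    print(demo())
```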
10) OS Command Injection (CVE-ID: CVE-2022-25175)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists because the affected plugin uses distinct checkout directories per SCM for the readTrusted step. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
11) OS Command Injection (CVE-ID: CVE-2022-25173)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists because the affected plugin uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
12) Information disclosure (CVE-ID: CVE-2022-25184)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because the affected plugin reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator. A remote user can gain unauthorized access to sensitive information on the system.
Remediation
Install the update from the vendor's website.