Multiple vulnerabilities in Red Hat OpenShift Data Foundation



Published: 2022-08-25 | Updated: 2022-11-15
Risk High
Patch available YES
Number of vulnerabilities 36
CVE-ID CVE-2022-2068
CVE-2022-0670
CVE-2022-1292
CVE-2022-1586
CVE-2022-1785
CVE-2022-1897
CVE-2022-1927
CVE-2022-2097
CVE-2019-10747
CVE-2022-22576
CVE-2022-25313
CVE-2022-25314
CVE-2022-27774
CVE-2022-27776
CVE-2022-27782
CVE-2022-29824
CVE-2021-40528
CVE-2022-31129
CVE-2021-23440
CVE-2022-23806
CVE-2021-23566
CVE-2022-0235
CVE-2022-0536
CVE-2022-1650
CVE-2022-21698
CVE-2022-23772
CVE-2022-23773
CVE-2022-24675
CVE-2022-29810
CVE-2022-24771
CVE-2022-24772
CVE-2022-24773
CVE-2022-24785
CVE-2022-24921
CVE-2022-28327
CVE-2022-29526
CWE-ID CWE-78
CWE-264
CWE-125
CWE-787
CWE-311
CWE-400
CWE-287
CWE-121
CWE-190
CWE-200
CWE-303
CWE-327
CWE-185
CWE-20
CWE-252
CWE-863
CWE-120
CWE-532
CWE-347
CWE-22
Exploitation vector Network
Public exploit Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #9 is available.
Public exploit code for vulnerability #24 is available.
Public exploit code for vulnerability #27 is available.
Vulnerable software
Subscribe
OpenShift Data Foundation (formerly OpenShift Container Storage)
Server applications / Virtualization software

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 36 vulnerabilities.

1) OS Command Injection

EUVDB-ID: #VU64559

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-2068

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.

The vulnerability exists due to incomplete fix for #VU62765 (CVE-2022-1292).

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU66440

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-0670

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to an error within the "volumes" plugin in Ceph Manager. The Openstack manilla owning a Ceph File system "share" enables the owner to read/write any manilla share or entire file system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) OS Command Injection

EUVDB-ID: #VU62765

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1292

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Out-of-bounds read

EUVDB-ID: #VU63945

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1586

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary condition in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. A remote attacker can pass specially crafted data to the application, trigger out-of-bounds read error, gain access to sensitive information or perform a denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Out-of-bounds write

EUVDB-ID: #VU63487

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1785

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code

The vulnerability exists due to a boundary error when processing untrusted input in vim_regsub_both() function. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Out-of-bounds write

EUVDB-ID: #VU64506

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1897

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the system.

The vulnerability exists due to Illegal memory access and leads to an out-of-bounds write vulnerability in the vim_regsub_both() function. A local attacker can trick the victim into opening a specially crafted file, leading to a system crash or code execution.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Out-of-bounds read

EUVDB-ID: #VU64508

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1927

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the system.

The vulnerability exists due to Illegal memory access and leads to a buffer over-read vulnerability in the utf_ptr2char() function. A local attacker can trick the victim into opening a specially crafted file, trigger out-of-bounds read error and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Missing Encryption of Sensitive Data

EUVDB-ID: #VU64922

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2097

CWE-ID: CWE-311 - Missing Encryption of Sensitive Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error in AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation. Under specific circumstances OpenSSL does not encrypt the entire message and can reveal sixteen bytes of data that was preexisting in the memory that wasn't written. A remote attacker can gain access to potentially sensitive information.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Prototype pollution

EUVDB-ID: #VU20426

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-10747

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the "set-value" function fails to validate which Object properties it updates.  A remote attacker can modify the prototype of Object using any of the constructor, prototype and "_proto_ payloads", causing the addition or modification of an existing property on all objects, trigger resource exhaustion and perform a denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Improper Authentication

EUVDB-ID: #VU62640

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-22576

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error when re-using OAUTH2 connections for SASL-enabled protocols, such as SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). libcurl may reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. As a result, a connection that is successfully created and authenticated with a user name + OAUTH2 bearer can subsequently be erroneously reused even for user + [other OAUTH2 bearer], even though that might not even be a valid bearer.

A remote attacker can exploit this vulnerability against applications intended for use in multi-user environments to bypass authentication and gain unauthorized access to victim's accounts.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Stack-based buffer overflow

EUVDB-ID: #VU60737

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-25313

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in build_model. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Integer overflow

EUVDB-ID: #VU60738

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-25314

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in copyString. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) Information disclosure

EUVDB-ID: #VU62641

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-27774

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to curl attempts to follow redirects during authentication process and does not consider different port numbers or protocols to be separate authentication targets. If the web application performs redirection to a different port number of protocol, cURL will allow such redirection and will pass credentials. It could also leak the TLS SRP credentials this way.

By default, curl only allows redirects to HTTP(S) and FTP(S), but can be asked to allow redirects to all protocols curl supports.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

14) Information disclosure

EUVDB-ID: #VU62644

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-27776

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to curl can leak authentication or cookie header data during HTTP redirects to the same host but another port number. When asked to send custom headers or cookies in its HTTP requests, curl sends that set of headers only to the host which name is used in the initial URL, so that redirects to other hosts will make curl send the data to those. However, due to a flawed check, curl wrongly also sends that same set of headers to the hosts that are identical to the first one but use a different port number or URL scheme.

The vulnerability exists due to an incomplete fix for #VU10224 (CVE-2018-1000007).

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

15) Incorrect Implementation of Authentication Algorithm

EUVDB-ID: #VU63009

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-27782

CWE-ID: CWE-303 - Incorrect Implementation of Authentication Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way libcurl handles previously used connections in a connection pool for subsequent transfers. Several TLS and SSH settings were left out from the configuration match checks, resulting in erroneous matches for different resources. As a result, libcurl can send authentication string from one resource to another, exposing credentials to a third-party.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

16) Integer overflow

EUVDB-ID: #VU62741

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-29824

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*). A remote attacker can pass specially crafted multi-gigabyte XML file to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

17) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU56685

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-40528

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to use of a broken or risky cryptographic algorithm in the ElGamal implementation. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

18) Incorrect Regular Expression

EUVDB-ID: #VU65835

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-31129

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of user-supplied input when parsing overly long strings. A remote attacker can pass a string that contains more that 10k characters and perform regular expression denial of service (ReDoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

19) Improper input validation

EUVDB-ID: #VU60087

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-23440

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the Policy (set-value) component in Oracle Communications Cloud Native Core Policy. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

20) Unchecked Return Value

EUVDB-ID: #VU62036

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-23806

CWE-ID: CWE-252 - Unchecked Return Value

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to unchecked return value within the Curve.IsOnCurve() function in crypto/elliptic. A remote attacker can force the application to incorrectly return true in situations with a big.Int value that is not a valid field element. As a result, an attacker can modify application flow, which can lead to unauthorized data modification or denial of service.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

21) Information disclosure

EUVDB-ID: #VU59833

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-23566

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in the valueOf() function. A local attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

22) Information disclosure

EUVDB-ID: #VU61471

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-0235

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the application follows the "Location" HTTP header redirect and passes authorization cookie to a third-party resource. A remote attacker can gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

23) Information disclosure

EUVDB-ID: #VU61668

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-0536

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

24) Information disclosure

EUVDB-ID: #VU63777

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1650

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

25) Input validation error

EUVDB-ID: #VU61599

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21698

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within method label cardinality. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

26) Resource exhaustion

EUVDB-ID: #VU62038

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-23772

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources within the Rat.SetString(0 function in math/big. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

27) Incorrect authorization

EUVDB-ID: #VU62037

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-23773

CWE-ID: CWE-863 - Incorrect Authorization

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists within cmd/go, which can misinterpret branch names that falsely appear to be version tags. This can lead to  a situation where an attacker can bypass implemented security restrictions and perform restricted actions, e.g. create tags when access was granted to create branches only.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

28) Buffer overflow

EUVDB-ID: #VU64266

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-24675

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the Golang's library encoding/pem. A remote attacker can send to victim a large (more than 5 MB) PEM input to cause a stack overflow in Decode and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

29) Inclusion of Sensitive Information in Log Files

EUVDB-ID: #VU64700

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-29810

CWE-ID: CWE-532 - Information Exposure Through Log Files

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to go-getter library can write SSH credentials into its log file. A local user with access to log files can read credentials in clear text, which may lead to privilege escalation or account takeover.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

30) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU65749

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-24771

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to a improper signature verification when checking the digestAlgorithm structure. A remote unauthenticated attacker can use a specially-crafted structure to steal padding bytes and use unchecked portion of the PKCS#1 encoded message to exploit this vulnerability and forge a signature when a low public exponent is being used.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

31) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU66758

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-24772

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to incorrect RSA PKCS#1 v1.5 signature verification caused by a missing check or tailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. A remote attacker can forge a signature and perform a man-in-the-middle (MitM) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

32) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU65780

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-24773

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to signature verification code does not properly check `DigestInfo` for a proper ASN.1 structure. A remote unauthenticated attacker can get a successful verification with signatures that contain invalid structures but a valid digest

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

33) Path traversal

EUVDB-ID: #VU62463

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-24785

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the npm version of Moment.js. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

34) Incorrect Regular Expression

EUVDB-ID: #VU61227

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-24921

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in regexp.Compile in Go. A remote attacker can pass specially crafted input to the application and perform regular expression denial of service (ReDoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

35) Integer overflow

EUVDB-ID: #VU64269

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-28327

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to integer overflow in the Golang's library crypto/elliptic. A remote attacker can send a specially crafted scalar input longer than 32 bytes to cause P256().ScalarMult or P256().ScalarBaseMult to panic and perform a denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

36) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU63173

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-29526

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to the Faccessat function can incorrectly report that a file is accessible, when called with a non-zero flags parameter. An attacker can bypass implemented security restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): before 4.11.0


CPE2.3
External links

http://access.redhat.com/errata/RHSA-2022:6156

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###