Multiple vulnerabilities in Red Hat Advanced Cluster Management 2.4



Published: 2022-09-26 | Updated: 2022-11-15
Risk High
Patch available YES
Number of vulnerabilities 26
CVE-ID CVE-2022-2097
CVE-2022-34903
CVE-2022-32208
CVE-2022-32206
CVE-2022-29824
CVE-2022-29154
CVE-2022-25314
CVE-2022-25313
CVE-2022-21166
CVE-2022-21125
CVE-2022-21123
CVE-2022-2526
CVE-2022-2068
CVE-2022-30629
CVE-2022-1927
CVE-2022-1897
CVE-2022-1785
CVE-2022-1586
CVE-2022-1292
CVE-2022-0391
CVE-2021-40528
CVE-2015-20107
CVE-2022-36067
CVE-2022-31151
CVE-2022-31150
CVE-2022-31129
CWE-ID CWE-311
CWE-347
CWE-400
CWE-190
CWE-22
CWE-121
CWE-200
CWE-416
CWE-78
CWE-330
CWE-125
CWE-787
CWE-93
CWE-327
CWE-284
CWE-668
CWE-185
Exploitation vector Network
Public exploit Public exploit code for vulnerability #19 is available.
Public exploit code for vulnerability #23 is available.
Vulnerable software
Subscribe
Red Hat Advanced Cluster Management for Kubernetes
Server applications / Other server solutions

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 26 vulnerabilities.

1) Missing Encryption of Sensitive Data

EUVDB-ID: #VU64922

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2097

CWE-ID: CWE-311 - Missing Encryption of Sensitive Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error in AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation. Under specific circumstances OpenSSL does not encrypt the entire message and can reveal sixteen bytes of data that was preexisting in the memory that wasn't written. A remote attacker can gain access to potentially sensitive information.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU64909

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-34903

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to an error in GnuPG, which allows signature spoofing via arbitrary injection into the status line. A remote attacker who controls the secret part of any signing-capable key or subkey in the victim's keyring, can take advantage of this flaw to provide a correctly-formed signature that some software, including gpgme, will accept to have validity and signer fingerprint chosen from the attacker.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU64685

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-32208

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper handling of message verification failures when performing FTP transfers secured by krb5. A remote attacker can perform MitM attack and manipulate data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Resource exhaustion

EUVDB-ID: #VU64682

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-32206

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure processing of compressed HTTP responses. A malicious server can send a specially crafted HTTP response to curl and perform a denial of service attack by forcing curl to spend enormous amounts of allocated heap memory, or trying to and returning out of memory errors.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Integer overflow

EUVDB-ID: #VU62741

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-29824

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*). A remote attacker can pass specially crafted multi-gigabyte XML file to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Path traversal

EUVDB-ID: #VU66189

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-29154

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote server to perform directory traversal attacks.

The vulnerability exists due to input validation error within the rsync client  when processing file names. A remote malicious server overwrite arbitrary files in the rsync client target directory and subdirectories on the connected peer.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Integer overflow

EUVDB-ID: #VU60738

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-25314

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in copyString. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Stack-based buffer overflow

EUVDB-ID: #VU60737

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-25313

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in build_model. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Information disclosure

EUVDB-ID: #VU64366

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21166

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Information disclosure

EUVDB-ID: #VU64365

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21125

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.



Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Information disclosure

EUVDB-ID: #VU64364

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21123

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Use-after-free

EUVDB-ID: #VU66757

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-2526

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the on_stream_io() and dns_stream_complete() functions in resolved-dns-stream.c, which do not increment the reference counting for the DnsStream object. A remote attacker can send to the system specially crafted DNS responses, trigger a use-after-free error and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) OS Command Injection

EUVDB-ID: #VU64559

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-2068

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.

The vulnerability exists due to incomplete fix for #VU62765 (CVE-2022-1292).

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

14) Use of insufficiently random values

EUVDB-ID: #VU66122

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-30629

CWE-ID: CWE-330 - Use of Insufficiently Random Values

Exploit availability: No

Description

The vulnerability allows a remote attacker gain access to sensitive information.

The vulnerability exists in crypto/tls implementation when generating TLS tickets age. The newSessionTicketMsgTLS13.ageAdd is always set to "0" instead of a random value.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

15) Out-of-bounds read

EUVDB-ID: #VU64508

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1927

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the system.

The vulnerability exists due to Illegal memory access and leads to a buffer over-read vulnerability in the utf_ptr2char() function. A local attacker can trick the victim into opening a specially crafted file, trigger out-of-bounds read error and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

16) Out-of-bounds write

EUVDB-ID: #VU64506

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1897

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the system.

The vulnerability exists due to Illegal memory access and leads to an out-of-bounds write vulnerability in the vim_regsub_both() function. A local attacker can trick the victim into opening a specially crafted file, leading to a system crash or code execution.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

17) Out-of-bounds write

EUVDB-ID: #VU63487

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1785

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code

The vulnerability exists due to a boundary error when processing untrusted input in vim_regsub_both() function. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

18) Out-of-bounds read

EUVDB-ID: #VU63945

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1586

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary condition in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. A remote attacker can pass specially crafted data to the application, trigger out-of-bounds read error, gain access to sensitive information or perform a denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

19) OS Command Injection

EUVDB-ID: #VU62765

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1292

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

20) CRLF injection

EUVDB-ID: #VU61675

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-0391

CWE-ID: CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to inject arbitrary data in server response.

The vulnerability exists due to insufficient validation of attacker-supplied data within the urllib.parse module in Python. A remote attacker can pass specially crafted data to the application containing CR-LF characters and modify application behavior.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

21) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU56685

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-40528

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to use of a broken or risky cryptographic algorithm in the ElGamal implementation. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

22) OS Command Injection

EUVDB-ID: #VU64573

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-20107

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the mailcap module, which does not escape characters into commands discovered in the system mailcap file. A remote unauthenticated attacker can pass specially crafted data to the applications that call mailcap.findmatch with untrusted input and execute arbitrary OS commands on the target system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

23) Improper access control

EUVDB-ID: #VU67205

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-36067

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper access restrictions. A remote attacker can bypass the sandbox protections and execute arbitrary code on the host running the sandbox.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

24) Exposure of Resource to Wrong Sphere

EUVDB-ID: #VU67165

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-31151

CWE-ID: CWE-668 - Exposure of resource to wrong sphere

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the way application include cookie headers in HTTP redirects. A remote attacker can leverage existing open redirect issue to expose sensitive cookies to a third-party website.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

25) CRLF injection

EUVDB-ID: #VU67163

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-31150

CWE-ID: CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to inject arbitrary data in server response.

The vulnerability exists due to insufficient validation of attacker-supplied data. A remote attacker can pass specially crafted data to the application containing CR-LF characters and modify application behavior.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

26) Incorrect Regular Expression

EUVDB-ID: #VU65835

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-31129

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of user-supplied input when parsing overly long strings. A remote attacker can pass a string that contains more that 10k characters and perform regular expression denial of service (ReDoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Advanced Cluster Management for Kubernetes: 2.4.0 - 2.4.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###