Multiple vulnerabilities in Red Hat OpenShift support for Windows Containers

Published: 2023-01-30

Risk	Medium
Patch available	YES
Number of vulnerabilities	5
CVE-ID	CVE-2022-21698 CVE-2022-27191 CVE-2021-46848 CVE-2022-35737 CVE-2021-25749
CWE-ID	CWE-20 CWE-327 CWE-193 CWE-129 CWE-264
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #4 is available.
Vulnerable software Subscribe	OpenShift Container Platform for Windows Containers Server applications / Virtualization software
Vendor	Red Hat Inc.

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU61599

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21698

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within method label cardinality. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Container Platform for Windows Containers: before 7.0.0

CPE2.3

cpe:2.3:a:red_hat:openshift_container_platform_for_windows_containers:*:*:*:*:*:*:*:

External links

http://access.redhat.com/errata/RHSA-2022:9096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU62039

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-27191

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b, as used in Go programming language. A remote attacker can crash a server in certain circumstances involving AddHostKey.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Container Platform for Windows Containers: before 7.0.0

CPE2.3

cpe:2.3:a:red_hat:openshift_container_platform_for_windows_containers:*:*:*:*:*:*:*:

External links

http://access.redhat.com/errata/RHSA-2022:9096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Off-by-one

EUVDB-ID: #VU68858

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-46848

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an ETYPE_OK off-by-one error in asn1_encode_simple_der in Libtasn1. A remote attacker can pass specially crafted data to the application, trigger an off-by-one error and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Container Platform for Windows Containers: before 7.0.0

CPE2.3

cpe:2.3:a:red_hat:openshift_container_platform_for_windows_containers:*:*:*:*:*:*:*:

External links

http://access.redhat.com/errata/RHSA-2022:9096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Improper Validation of Array Index

EUVDB-ID: #VU67414

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-35737

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when handling an overly large input passed as argument to a C API. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Container Platform for Windows Containers: before 7.0.0

CPE2.3

cpe:2.3:a:red_hat:openshift_container_platform_for_windows_containers:*:*:*:*:*:*:*:

External links

http://access.redhat.com/errata/RHSA-2022:9096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU71640

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-25749

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due incorrect privilege management. Windows workloads can be executed with the ContainerAdministrator privileges even when the runAsNonRoot option is set to "true".

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Container Platform for Windows Containers: before 7.0.0

CPE2.3

cpe:2.3:a:red_hat:openshift_container_platform_for_windows_containers:*:*:*:*:*:*:*:

External links

http://access.redhat.com/errata/RHSA-2022:9096

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?