SB2023032406 - Multiple vulnerabilities in Red Hat OpenShift GitOps 1.7

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023032406

SB2023032406 - Multiple vulnerabilities in Red Hat OpenShift GitOps 1.7

Published: March 24, 2023 Updated: October 12, 2023

Security Bulletin ID SB2023032406
Severity
High
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 20% Medium 50% Low 30%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Information Exposure Through an Error Message (CVE-ID: CVE-2022-41354)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can enumerate application names by inspecting API error messages.


2) Type conversion (CVE-ID: CVE-2020-10735)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion in algorithms with quadratic time complexity when using non-binary bases within the int() call. A remote attacker can pass specially crafted data to the affected application and perform a denial of service (DoS) attack.


3) Open redirect (CVE-ID: CVE-2021-28861)

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data in lib/http/server.py due to missing protection against multiple (/) at the beginning of URI path. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.


4) Deserialization of Untrusted Data (CVE-ID: CVE-2022-1471)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data within the SnakeYaml's Constructor() class. A remote attacker can pass specially crafted yaml content to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


5) Improper Privilege Management (CVE-ID: CVE-2022-4415)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper privilege management when handling coredumps in coredump/coredump.c. A local user can gain access to sensitive information.

The vulnerability affects systems with libacl support.


6) Observable discrepancy (CVE-ID: CVE-2022-34174)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to observable discrepancy issue in the login form. A remote attacker can gain unauthorized access to sensitive information on the system.


7) Incorrect Regular Expression (CVE-ID: CVE-2022-40897)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing HTML content. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.


8) Resource exhaustion (CVE-ID: CVE-2022-45061)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to usage of an unnecessary quadratic algorithm in one path when processing some inputs to the IDNA (RFC 3490) decoder. A remote attacker can pass a specially crafted name to he decoder, trigger resource excessive CPU consumption and perform a denial of service (DoS) attack.


9) Heap-based buffer overflow (CVE-ID: CVE-2022-48303)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the from_header() function in list.c when handling V7 archives. A remote attacker can trick the victim to open a specially crafted V7 archive, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


10) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2023-23916)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect implementation of the "chained" HTTP compression algorithms, where the number of links in the decompression chain was limited for each header instead of the entire request. A remote attacker can send a specially crafted compressed HTTP request with numerous headers and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References