SB2023072743 - Multiple vulnerabilities in OpenShift Container Platform 4.13
Published: July 27, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 21 secuirty vulnerabilities.
1) Inadequate Encryption Strength (CVE-ID: CVE-2023-3089)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists within the OpenShift container platform configuration with enabled FIPS mode, which resulted in usage of not validated cryptographic modules. A remote attacker can perform various attacks against not validated cryptographic modules and gain access to sensitive information.
2) Input validation error (CVE-ID: CVE-2023-32067)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when processing DNS responses. A remote attacker can send a specially crafted DNS response to the application and perform a denial of service (DoS) attack.
3) Cross-site scripting (CVE-ID: CVE-2023-29400)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when processing HTML attributes. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
4) Improper access control (CVE-ID: CVE-2023-27561)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to improper access restrictions in the libcontainer/rootfs_linux.go. A local user can gain elevated privileges on the target system.
5) Cross-site scripting (CVE-ID: CVE-2023-24539)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when handling angle brackets in CSS context. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
6) Code Injection (CVE-ID: CVE-2023-24538)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in html/template when handling JavaScript templates that contain backticks in code. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary JavaScript code into the Go template.
7) Infinite loop (CVE-ID: CVE-2023-24537)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when calling any of the Parse functions on Go source code which contains //line directives with very large line numbers. A remote attacker can consume all available system resources and cause denial of service conditions.
8) Resource management error (CVE-ID: CVE-2023-24536)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within mime/multipart and net/textproto components when parsing multipart forms. A remote attacker can pass specially crafted request to the application and perform a denial of service (DoS) attack.
9) Resource exhaustion (CVE-ID: CVE-2023-24534)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when parsing HTTP and MIME headers in net/textproto. A remote attacker can cause an HTTP server to allocate large amounts of memory from a small request and perform a denial of service (DoS) attack.
10) Input validation error (CVE-ID: CVE-2023-24329)
The vulnerability allows a remote attacker to bypass implemented filters.
The vulnerability exists due to insufficient validation of URLs that start with blank characters within urllib.parse component of Python. A remote attacker can pass specially crafted URL to bypass existing filters.
11) Resource exhaustion (CVE-ID: CVE-2023-2828)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can cause the amount of memory used by a named resolver to go well beyond the configured max-cache-size limit. The effectiveness of the attack depends on a number of factors (e.g. query load, query patterns), but since the default value of the max-cache-size statement is 90%, in the worst case the attacker can exhaust all available memory on the host running named, leading to a denial-of-service condition.
12) Resource exhaustion (CVE-ID: CVE-2022-41723)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in the HPACK decoder. A remote attacker can send a specially crafted HTTP/2 stream to the application, cause resource exhaustion and perform a denial of service (DoS) attack.
13) Memory leak (CVE-ID: CVE-2023-2700)
The vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak within the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup. A local user can repeatedly query an SR-IOV PCI device's capabilities to cause memory leak and perform denial of service attack.
14) Resource management error (CVE-ID: CVE-2023-2650)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when processing OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS subsystems with no message size limit. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.
15) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-1260)
The vulnerability allows a remote user to escalate privileges within the application.
The vulnerability exists due to improper access restrictions within kube-apiserver. A remote authenticated user with "update, patch" permissions to the "pods/ephemeralcontainers" subresource can bypass SCC admission restrictions and gain control over a privileged pod.
16) Out-of-bounds read (CVE-ID: CVE-2023-1255)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
17) Security features bypass (CVE-ID: CVE-2023-0466)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to an error within the X509_VERIFY_PARAM_add0_policy() function, which does not perform the certificate policy check despite being implicitly enabled. A remote attacker can bypass expected security restrictions and perform MitM attack.
18) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2023-0465)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to an error when validating certificate policies in leaf certificates. A remote attacker that controls a malicious CA server can issue a certificate that will be validated by the application.
19) Resource exhaustion (CVE-ID: CVE-2023-0464)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when verifying X.509 certificate chains that include policy constraints. A remote attacker can create a specially crafted certificate to trigger resource exhaustion and perform a denial of service (DoS) attack.
20) Input validation error (CVE-ID: CVE-2022-46663)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of the ANSI escape sequences in the "less -R" output. A remote attacker can trick the victim to run the command against the specially crafted data and perform a denial of service (DoS) attack.
21) Improper Privilege Management (CVE-ID: CVE-2023-25173)
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management where supplementary groups are not set up properly inside a container. A local user can use supplementary group access to bypass primary group restrictions and compromise the container.
Remediation
Install update from vendor's website.