Multiple vulnerabilities in Red Hat OpenShift support for Windows Containers 6.0



Published: 2023-08-30
Risk: Medium
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2023-3676, CVE-2023-3955
CWE-ID: CWE-20
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Windows Container Support for Red Hat OpenShift (Server applications / Virtualization software)
Vendor: Red Hat Inc.

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU80006

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3676

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges on Windows nodes.

The vulnerability exists due to improper input validation. A remote user with the ability to create pods on Windows nodes can obtain administrative privileges on these nodes.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Windows Container Support for Red Hat OpenShift: 6.0.0 - 6.0.1

External links

http://access.redhat.com/errata/RHSA-2023:4780


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU80008

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3955

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges on Windows nodes.

The vulnerability exists due to improper input validation. A remote user with the ability to create pods on Windows nodes can obtain administrative privileges on these nodes.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Windows Container Support for Red Hat OpenShift: 6.0.0 - 6.0.1

External links

http://access.redhat.com/errata/RHSA-2023:4780


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


