SB2023091435 - Multiple vulnerabilities in Logging Subsystem for Red Hat OpenShift

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Incorrect authorization (CVE-ID: CVE-2023-3899)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect authorization caused by D-Bus interface com.redhat.RHSM1 that exposes a significant number of methods to all users. A local user can abuse the com.redhat.RHSM1.Config.SetAll() method to change the state of the registration and escalate privileges on the system.

2) Improper Authentication (CVE-ID: CVE-2023-32360)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to missing authentication in CUPS. A remote attacker can access recently printed documents.

3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-34969)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the dbus-daemon when sending a reply message from the "bus driver". If a local privileged user (e.g. root) is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, another unprivileged user with the ability to connect to the same dbus-daemon can force the service to send an unreplyable message and perform a denial of service (DoS) attack.

4) Improper Authorization (CVE-ID: CVE-2023-4456)

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to LokiStack component uses a regular token as key for caching. A remote user with a key valid for one action can execute other actions as long as the authorization allowing the original action is still cached.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2023:4933