SB2024072444 - Multiple vulnerabilities in Red Hat Advanced Cluster Security for Kubernetes 4.5.0




Published: July 24, 2024

Security Bulletin ID SB2024072444
Severity
Medium
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 80% Low 20%

Description

This security bulletin contains information about 10 security vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2024-28849)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because credentials carried in request headers are forwarded when a cross-domain redirect is followed. A remote attacker who controls the redirect target can obtain the forwarded credentials.
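The safe behaviour when following a redirect is to re-derive the header set from the target origin rather than replay the original request headers. The following is an added example (not code from the bulletin or from the affected product) of a redirect hop that drops credential headers whenever scheme, host or port changes; the header names in SENSITIVE_HEADERS and the URLs in the demo are assumptions constructed for the example.

```python
from urllib.parse import urljoin, urlsplit

# Headers that carry credentials and must not leave the origin they were
# issued for. The set is an assumption for this example, not a standard list.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie"}

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url: str) -> tuple:
    """Return (scheme, host, effective port) so that ':443' and no port compare equal."""
    parts = urlsplit(url)
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(parts.scheme)
    return (parts.scheme.lower(), (parts.hostname or "").lower(), port)


def same_origin(url_a: str, url_b: str) -> bool:
    return origin(url_a) == origin(url_b)


def headers_for_redirect(current_url: str, location: str, headers: dict) -> dict:
    """Build the headers to send on the next hop of a redirect chain.

    The Location value may be relative, so it is resolved against the current
    URL first. Same-origin hops keep every header; any change of scheme, host
    or port (the cross-domain case) strips the credential headers. A scheme
    downgrade from https to http on the same host counts as a different origin.
    """
    target = urljoin(current_url, location)
    if same_origin(current_url, target):
        return dict(headers)
    return {name: value for name, value in headers.items()
            if name.lower() not in SENSITIVE_HEADERS}


if __name__ == "__main__":
    # Constructed request: a bearer token sent to an API that redirects elsewhere.
    sent = {"Authorization": "Bearer example-token", "Accept": "application/json"}
    print(headers_for_redirect("https://api.example.com/v1/report", "/v2/report", sent))
    print(headers_for_redirect("https://api.example.com/v1/report",
                               "https://cdn.example.net/report.json", sent))
```

The lookup is keyed on the full origin, not on the hostname alone, so a redirect from `https://api.example.com` to `https://api.example.com:8443` also loses the token; that is the conservative choice for a client that cannot tell whether both ports belong to the same service.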


2) Resource exhaustion (CVE-ID: CVE-2024-29903)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly limit consumption of internal resources. A remote attacker can supply a specially crafted artifact to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.


3) Resource exhaustion (CVE-ID: CVE-2024-29902)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly limit consumption of internal resources when handling attachments. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


4) OS Command Injection (CVE-ID: CVE-2022-48624)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within the close_altfile() function in filename.c. A remote attacker can trick the victim into running the less command with a specially crafted argument and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


5) NULL pointer dereference (CVE-ID: CVE-2023-2953)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the ber_memalloc_x() function. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.


6) Resource exhaustion (CVE-ID: CVE-2024-3651)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the idna.encode() function does not bound the resources consumed when processing overly long input. A remote attacker can pass an overly long domain name to the application and perform a denial of service (DoS) attack.


7) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2024-24806)

The vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input when handling hostnames longer than 256 characters within the uv_getaddrinfo() function in src/unix/getaddrinfo.c and its Windows counterpart src/win/getaddrinfo.c. A remote attacker can pass a specially crafted hostname that is truncated before resolution, so that the name actually resolved differs from the one the application checked and can point to an attacker-controlled IP address, and make the application send unauthorized requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive data located on the local network or to send malicious requests to other servers from the vulnerable system.
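Items 6 and 7 share a root cause: a hostname of unbounded length reaches an encoder or resolver that was not written for it. The usual mitigation on the calling side is to enforce the DNS size limits before the name is encoded or resolved, and to make sure the string that passes an allow-list check is the very string handed to the resolver. The block below is an added example that is not part of the bulletin or of the affected software; it uses the standard-library idna codec as a stand-in for the idna package, the resolver is injected so the demo runs offline, and FAKE_DNS, the suffix and all hostnames are constructed for the example.

```python
from typing import Callable, Dict

MAX_NAME_LEN = 253    # RFC 1035: 255 octets on the wire, 253 characters in presentation form
MAX_LABEL_LEN = 63


def validate_hostname(name: str) -> str:
    """Normalise a hostname and enforce the DNS size limits; raise ValueError otherwise.

    Length is checked before anything else, so an oversized name is rejected
    before it reaches an IDNA encoder or a resolver that copies it into a
    fixed-size buffer.
    """
    if not name:
        raise ValueError("empty hostname")
    name = name.rstrip(".")            # tolerate the fully qualified trailing dot
    if len(name) > MAX_NAME_LEN:
        raise ValueError(f"hostname longer than {MAX_NAME_LEN} characters")
    for label in name.split("."):
        if not 1 <= len(label) <= MAX_LABEL_LEN:
            raise ValueError("label length out of range")
        if label.startswith("-") or label.endswith("-"):
            raise ValueError("label may not start or end with a hyphen")
        if not all(ch.isalnum() or ch == "-" for ch in label):
            raise ValueError(f"disallowed character in label {label!r}")
    return name.lower()


def to_ascii(name: str) -> str:
    """Validate, then convert to the ASCII (xn--) form.

    The standard-library idna codec stands in for the idna package here. The
    length check is repeated afterwards because Punycode expansion can push a
    name that passed as Unicode over the limit.
    """
    ascii_name = validate_hostname(name).encode("idna").decode("ascii")
    if len(ascii_name) > MAX_NAME_LEN:
        raise ValueError("hostname too long after IDNA encoding")
    return ascii_name


def is_valid_hostname(name: str) -> bool:
    """Predicate form of validate_hostname for callers that prefer a boolean."""
    try:
        validate_hostname(name)
        return True
    except ValueError:
        return False


def resolve_allowlisted(name: str, allowed_suffix: str,
                        resolver: Callable[[str], str]) -> str:
    """Resolve a user-supplied name only if it sits under allowed_suffix.

    The suffix check and the resolver call both use the same validated string,
    so there is no point at which a different (for example truncated) name
    could be the one that actually gets resolved.
    """
    ascii_name = to_ascii(name)
    if ascii_name != allowed_suffix and not ascii_name.endswith("." + allowed_suffix):
        raise ValueError(f"{ascii_name!r} is not under {allowed_suffix!r}")
    return resolver(ascii_name)


# Constructed lookup table standing in for DNS so the example runs offline.
FAKE_DNS: Dict[str, str] = {
    "files.example.com": "203.0.113.10",
    "intra.example.com": "10.0.0.5",
}


def table_resolver(name: str) -> str:
    return FAKE_DNS[name]


if __name__ == "__main__":
    print(resolve_allowlisted("Files.Example.com.", "example.com", table_resolver))
    oversized = ".".join(["a" * 60] * 4) + ".example.com"   # 255 characters
    print(len(oversized), is_valid_hostname(oversized))
    print(to_ascii("münchen.example"))
```

The check runs in one pass over the string, so it costs nothing compared with the encoder or resolver behind it, and it fails closed: a name the validator cannot classify is never resolved.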


8) Out-of-bounds read (CVE-ID: CVE-2024-25629)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the ares__read_line() function when parsing local configuration files, such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, or the `HOSTALIASES` file. A local user can insert a NUL (0x00) character as the first character of a new line in one of these configuration files and crash the application.


9) Input validation error (CVE-ID: CVE-2024-28182)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application reads an unbounded number of HTTP/2 CONTINUATION frames for a single header block. A remote attacker can send a specially crafted sequence of CONTINUATION frames that never completes the header block and perform a denial of service (DoS) attack.
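An HTTP/2 header block starts with a HEADERS frame and, if that frame lacks the END_HEADERS flag, continues across CONTINUATION frames on the same stream until one carries END_HEADERS. A receiver that buffers until END_HEADERS arrives, with no cap on how many frames or bytes it will accept, can be kept buffering indefinitely. The block below is an added example (not code from the bulletin, nghttp2 or the affected product) of a minimal frame splitter plus a guard that rejects the connection once a header block exceeds a frame or byte budget; the budget values and the constructed frame sequences are assumptions, and the header payloads are opaque filler rather than real HPACK.

```python
import struct
from typing import Iterator, Optional, Tuple

FRAME_HEADER_LEN = 9
TYPE_HEADERS = 0x1
TYPE_CONTINUATION = 0x9
FLAG_END_HEADERS = 0x4

# Budget for one header block. Assumed values for the example; a real server
# would derive them from its configured maximum header list size.
MAX_CONTINUATION_FRAMES = 8
MAX_HEADER_BLOCK_BYTES = 16 * 1024

Frame = Tuple[int, int, int, bytes]   # (type, flags, stream_id, payload)


def encode_frame(ftype: int, flags: int, stream_id: int, payload: bytes) -> bytes:
    """Serialise one frame: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id."""
    header = (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
              + struct.pack(">I", stream_id & 0x7FFFFFFF))
    return header + payload


def iter_frames(data: bytes) -> Iterator[Frame]:
    """Split a byte string into frames without decoding the header payloads."""
    off = 0
    while off + FRAME_HEADER_LEN <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = int.from_bytes(data[off + 5:off + 9], "big") & 0x7FFFFFFF
        payload = data[off + FRAME_HEADER_LEN:off + FRAME_HEADER_LEN + length]
        if len(payload) != length:
            raise ValueError("truncated frame")
        yield ftype, flags, stream_id, payload
        off += FRAME_HEADER_LEN + length


class ProtocolError(Exception):
    pass


class HeaderBlockGuard:
    """Tracks the header block in progress and enforces a frame and byte budget.

    HEADERS without END_HEADERS opens a block, CONTINUATION on the same stream
    extends it, END_HEADERS closes it. The whole HEADERS payload is counted
    (padding and priority fields included) as an upper bound on block size.
    """

    def __init__(self, max_frames: int = MAX_CONTINUATION_FRAMES,
                 max_bytes: int = MAX_HEADER_BLOCK_BYTES) -> None:
        self.max_frames = max_frames
        self.max_bytes = max_bytes
        self.open_stream: Optional[int] = None   # stream id of the open block
        self.continuations = 0
        self.nbytes = 0

    def feed(self, ftype: int, flags: int, stream_id: int, payload: bytes) -> None:
        if ftype == TYPE_HEADERS:
            if self.open_stream is not None:
                raise ProtocolError("HEADERS while a header block is still open")
            self.open_stream, self.continuations, self.nbytes = stream_id, 0, len(payload)
        elif ftype == TYPE_CONTINUATION:
            if self.open_stream != stream_id:
                raise ProtocolError("CONTINUATION without an open header block on this stream")
            self.continuations += 1
            self.nbytes += len(payload)
        elif self.open_stream is not None:
            raise ProtocolError("non-CONTINUATION frame inside a header block")
        else:
            return                                # unrelated frame, nothing to track
        if self.continuations > self.max_frames or self.nbytes > self.max_bytes:
            raise ProtocolError(f"header block budget exceeded on stream {stream_id}")
        if flags & FLAG_END_HEADERS:
            self.open_stream = None


def check_stream(data: bytes) -> str:
    """Run the guard over a byte string; return 'ok' or 'rejected: <reason>'."""
    guard = HeaderBlockGuard()
    try:
        for frame in iter_frames(data):
            guard.feed(*frame)
    except ProtocolError as exc:
        return f"rejected: {exc}"
    return "ok"


def benign_request() -> bytes:
    """Constructed: a header block split over three frames and properly closed."""
    return (encode_frame(TYPE_HEADERS, 0, 1, b"\x00" * 100)
            + encode_frame(TYPE_CONTINUATION, 0, 1, b"\x00" * 100)
            + encode_frame(TYPE_CONTINUATION, FLAG_END_HEADERS, 1, b"\x00" * 100))


def continuation_flood(count: int) -> bytes:
    """Constructed: HEADERS followed by `count` CONTINUATIONs, none with END_HEADERS."""
    frames = [encode_frame(TYPE_HEADERS, 0, 1, b"\x00" * 100)]
    frames += [encode_frame(TYPE_CONTINUATION, 0, 1, b"\x00" * 100) for _ in range(count)]
    return b"".join(frames)


if __name__ == "__main__":
    print(check_stream(benign_request()))
    print(check_stream(continuation_flood(1000)))
```

Rejecting is cheap because the guard only keeps two counters; the expensive part, HPACK decoding of the accumulated block, never runs for a block that was refused.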


10) OS Command Injection (CVE-ID: CVE-2024-32487)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when handling newline characters in the filename in filename.c. A remote attacker can trick the victim into opening a specially crafted filename with the affected command and execute arbitrary OS commands on the system.
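Items 4 and 10 are the same bug class: a file name supplied by an attacker is interpolated into a command string that a shell then parses, so `;` or a newline in the name ends the intended command and starts another. The block below is an added example that is not less's code and is not from the bulletin; it contrasts the unquoted interpolation with a version that shell-quotes every untrusted argument. The helper (`echo`), the temporary file name and the two malicious file names are constructed for the example; the injected command is the harmless arithmetic `$((6*7))`, which only yields `42` if the shell actually evaluated it.

```python
import shlex
import subprocess

# Stand-in for a post-processing helper such as the one LESSCLOSE names:
# 'echo' prints the argument list the shell ended up with, so the effect of
# quoting is visible. These values are hypothetical, chosen for the example.
HELPER = "echo closing"
TEMPNAME = "/tmp/less-example"

# Constructed malicious file names: one uses ';', the other a newline.
SEMICOLON_NAME = "report.txt; echo $((6*7))"
NEWLINE_NAME = "report.txt\necho $((6*7))"


def naive_close_command(helper: str, filename: str, tempname: str) -> str:
    """Interpolate the file name into the command unquoted (the bug pattern)."""
    return f"{helper} {filename} {tempname}"


def quoted_close_command(helper: str, filename: str, tempname: str) -> str:
    """Shell-quote every untrusted argument before the string reaches /bin/sh.

    shlex.quote wraps the value in single quotes (escaping any embedded single
    quote), so ';', newlines and $(...) inside it are data, not syntax.
    """
    return f"{helper} {shlex.quote(filename)} {shlex.quote(tempname)}"


def run_via_shell(cmd: str) -> str:
    """Run the command the way a shell-based helper invocation would; return stdout."""
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def payload_executed(cmd: str) -> bool:
    """True when the injected $((6*7)) was evaluated, i.e. '42' appears in the output.

    Inside single quotes the text stays literal, so the quoted command prints
    the characters '$((6*7))' and never the number.
    """
    return "42" in run_via_shell(cmd)


if __name__ == "__main__":
    for name in (SEMICOLON_NAME, NEWLINE_NAME):
        naive = naive_close_command(HELPER, name, TEMPNAME)
        safe = quoted_close_command(HELPER, name, TEMPNAME)
        print("unquoted ->", payload_executed(naive), repr(run_via_shell(naive)))
        print("quoted   ->", payload_executed(safe), repr(run_via_shell(safe)))
```

Quoting fixes the symptom; the stronger fix is to avoid the shell entirely and pass the helper and its arguments as an argv list, which is what `subprocess.run([...], shell=False)` does. The quoted form is shown because a helper configured as a shell command template, as in the case the bulletin describes, has no argv to pass.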


Remediation

Install the update from the vendor's website.