CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. • https://github.com/imabee101/CVE-2023-44487 https://github.com/studiogangster/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/sigridou/CVE-2023-44487- https://github.com/ByteHackr/CVE-2023-44487 https://github.com/ReToCode/golang-CVE-2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www. • CWE-400: Uncontrolled Resource Consumption •
CVE-2022-3248 – Openshift api admission checks does not enforce "custom-host" permissions
https://notcve.org/view.php?id=CVE-2022-3248
A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied. Se encontró una falla en la API de OpenShift, ya que las comprobaciones de admisión no aplican permisos de "custom-host". Este problema podría permitir que un atacante viole los límites, ya que no se aplicarán los permisos. • https://access.redhat.com/security/cve/CVE-2022-3248 https://bugzilla.redhat.com/show_bug.cgi?id=2072188 • CWE-863: Incorrect Authorization •
CVE-2023-3027 – ACM: governance policy propagator privilege escalation
https://notcve.org/view.php?id=CVE-2023-3027
The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster) of taking advantage of cluster scoped access in a created policy. This feature does not restrict properly to lookup content from the namespace where the policy was created. • https://bugzilla.redhat.com/show_bug.cgi?id=2211468#c0 https://access.redhat.com/security/cve/CVE-2023-3027 https://bugzilla.redhat.com/show_bug.cgi?id=2211468 • CWE-269: Improper Privilege Management •
CVE-2022-3841 – RHACM: unauthenticated SSRF in console API endpoint
https://notcve.org/view.php?id=CVE-2022-3841
RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as the console API endpoint is missing an authentication check, allowing unauthenticated users making requests. RHACM: SSRF no autenticado en el endpoint de la API de la consola. Se encontró una vulnerabilidad Server-Side Request Forgery (SSRF) en el endpoint de la API de la consola de Red Hat Advanced Cluster Management para Kubernetes (RHACM). • https://access.redhat.com/security/cve/CVE-2022-3841 https://bugzilla.redhat.com/show_bug.cgi?id=2139426 • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-2238 – search-api: SQL injection leads to remote denial of service
https://notcve.org/view.php?id=CVE-2022-2238
A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting. Se encontró una vulnerabilidad en el contenedor search-api en Red Hat Advanced Cluster Management for Kubernetes cuando una consulta en el filtro de búsqueda es analizada por el backend. Este fallo permite a un atacante diseñar cadenas específicas que contengan caracteres especiales que conllevan el bloqueo del pod y afectan a la disponibilidad del sistema mientras es reiniciado A vulnerability was found in the search-api container when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting. • https://access.redhat.com/security/cve/CVE-2022-2238 https://bugzilla.redhat.com/show_bug.cgi?id=2101669 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-400: Uncontrolled Resource Consumption •