CVE-2013-4281
https://notcve.org/view.php?id=CVE-2013-4281
In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file. En Red Hat Openshift versión 1, son aplicados permisos débiles por defecto al archivo /etc/openshift/server_priv.pem en el servidor del broker, lo que podría permitir a usuarios con acceso local al broker leer este archivo • https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice https://www.openwall.com/lists/oss-security/2014/06/05/19 • CWE-276: Incorrect Default Permissions •
CVE-2013-4253
https://notcve.org/view.php?id=CVE-2013-4253
The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file. El script de despliegue en el conjunto de scripts complementarios "OpenShift Extras" no soportados, en Red Hat Openshift versión 1, instala una clave pública por defecto en el archivo authorized_keys del usuario root • https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice https://www.openwall.com/lists/oss-security/2014/06/05/19 • CWE-377: Insecure Temporary File CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2014-0068
https://notcve.org/view.php?id=CVE-2014-0068
It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission. Se ha reportado que watchman en openshift node-utils crea /var/run/watchman.pid y /var/log/watchman.ouput con permiso de escritura mundial • https://bugzilla.redhat.com/show_bug.cgi?id=1064100 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-3636 – openshift: Injected service-ca.crt incorrectly contains additional internal CAs
https://notcve.org/view.php?id=CVE-2021-3636
It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service. Se encontró en OpenShift, anterior a versión 4.8, que el certificado generado para la CA de servicio en el clúster, incluía incorrectamente certificados adicionales. La CA de servicio se monta automáticamente en todos los pods, permitiéndoles conectarse de forma segura a los servicios confiables del clúster que presentan certificados firmados por la CA de servicio confiable. • https://bugzilla.redhat.com/show_bug.cgi?id=1978621 https://access.redhat.com/security/cve/CVE-2021-3636 • CWE-287: Improper Authentication CWE-295: Improper Certificate Validation •
CVE-2020-35514
https://notcve.org/view.php?id=CVE-2020-35514
An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0. Se ha detectado un fallo de modificación no segura en el archivo /etc/kubernetes/kubeconfig en OpenShift. • https://bugzilla.redhat.com/show_bug.cgi?id=1914714 • CWE-266: Incorrect Privilege Assignment •