17 results (0.008 seconds)

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1

It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service. Se encontró en OpenShift, anterior a versión 4.8, que el certificado generado para la CA de servicio en el clúster, incluía incorrectamente certificados adicionales. La CA de servicio se monta automáticamente en todos los pods, permitiéndoles conectarse de forma segura a los servicios confiables del clúster que presentan certificados firmados por la CA de servicio confiable. • https://bugzilla.redhat.com/show_bug.cgi?id=1978621 https://access.redhat.com/security/cve/CVE-2021-3636 • CWE-287: Improper Authentication CWE-295: Improper Certificate Validation •

CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0

An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0. Se ha detectado un fallo de modificación no segura en el archivo /etc/kubernetes/kubeconfig en OpenShift. • https://bugzilla.redhat.com/show_bug.cgi?id=1914714 • CWE-266: Incorrect Privilege Assignment •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versions before openshift/console-4. Se encontró un fallo en la consola web de OpenShift, donde el token de acceso es guardado en el almacenamiento local del navegador. Un atacante puede usar este fallo para obtener el token de acceso por medio de un acceso físico o un ataque de tipo XSS en el navegador de la víctima. • https://bugzilla.redhat.com/show_bug.cgi?id=1813788 • CWE-358: Improperly Implemented Security Check for Standard •

CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Se detectó una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el contenedor openshift/mariadb-apb, que afecta a las versiones anteriores a las siguientes 4.3.5, 4.2.21, 4.1.37 y 3.11.188-4. Un atacante con acceso al contenedor podría utilizar este fallo para modificar el archivo /etc/passwd y escalar sus privilegios. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346 https://access.redhat.com/security/cve/CVE-2019-19346 https://bugzilla.redhat.com/show_bug.cgi?id=1793289 https://access.redhat.com/articles/4859371 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •

CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Se detectó una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el contenedor openshift/apb-base, que afecta a las versiones anteriores a las siguientes 4.3.5, 4.2.21, 4.1.37 y 3.11.188-4. Un atacante con acceso al contenedor podría utilizar este fallo para modificar el archivo /etc/passwd y escalar sus privilegios. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348 https://access.redhat.com/security/cve/CVE-2019-19348 https://bugzilla.redhat.com/show_bug.cgi?id=1793286 https://access.redhat.com/articles/4859371 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •