CVE-2023-6476 – Cri-o: pods are able to break out of resource confinement on cgroupv2
https://notcve.org/view.php?id=CVE-2023-6476
A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/CPU, circumventing the Kubernetes scheduler and potentially resulting in a denial of service in the node.
• https://access.redhat.com/errata/RHSA-2024:0195
• https://access.redhat.com/errata/RHSA-2024:0207
• https://access.redhat.com/security/cve/CVE-2023-6476
• https://bugzilla.redhat.com/show_bug.cgi?id=2253994
• CWE-770: Allocation of Resources Without Limits or Throttling

CVE-2022-3466 – Cri-o: security regression of cve-2022-27652
https://notcve.org/view.php?id=CVE-2022-3466
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652.
• https://access.redhat.com/errata/RHSA-2022:7398
• https://access.redhat.com/security/cve/CVE-2022-3466
• https://bugzilla.redhat.com/show_bug.cgi?id=2134063
• CWE-276: Incorrect Default Permissions

CVE-2022-1708 – cri-o: memory exhaustion on the node when access to the kube api
https://notcve.org/view.php?id=CVE-2022-1708
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability.
• https://bugzilla.redhat.com/show_bug.cgi?id=2085361
• https://github.com/cri-o/cri-o/commit/f032cf649ecc7e0c46718bd9e7814bfb317cb544
• https://github.com/cri-o/cri-o/security/advisories/GHSA-fcm2-6c3h-pg6j
• https://access.redhat.com/security/cve/CVE-2022-1708
• CWE-400: Uncontrolled Resource Consumption
• CWE-770: Allocation of Resources Without Limits or Throttling

CVE-2022-1677 – openshift/router: route hijacking attack via crafted HAProxy configuration file
https://notcve.org/view.php?id=CVE-2022-1677
In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control.
• https://access.redhat.com/security/cve/CVE-2022-1677
• https://bugzilla.redhat.com/show_bug.cgi?id=2076211
• CWE-280: Improper Handling of Insufficient Permissions or Privileges
• CWE-400: Uncontrolled Resource Consumption

CVE-2021-3979 – ceph: Ceph volume does not honour osd_dmcrypt_key_size
https://notcve.org/view.php?id=CVE-2021-3979
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non-random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.
• https://access.redhat.com/security/cve/CVE-2021-3979
• https://bugzilla.redhat.com/show_bug.cgi?id=2024788
• https://github.com/ceph/ceph/commit/47c33179f9a15ae95cc1579a421be89378602656
• https://github.com/ceph/ceph/pull/44765
• https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPOK44BESMIFW6BIOGCN452AKKOIIT6Q
• https://tracker.ceph.com/issues/54006
• CWE-287: Improper Authentication
• CWE-327: Use of a Broken or Risky Cryptographic Algorithm