CVE-2020-27781 – ceph: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila
https://notcve.org/view.php?id=CVE-2020-27781
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. • https://bugzilla.redhat.com/show_bug.cgi?id=1900109 https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJ7FFROL25FYRL6FMI33VRKOD74LINRP https://security.gentoo.org/glsa/202105-39 https://access.redhat.com/security/cve/CVE-2020-27781 • CWE-522: Insufficiently Protected Credentials •
CVE-2020-27816
https://notcve.org/view.php?id=CVE-2020-27816
The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana console) to different one, created based on the new CR for the new kibana resource. This could lead to an arbitrary URL redirection or the openshift-logging console link damage. This flaw affects elasticsearch-operator-container versions before 4.7. Elasticsearch-operator no comprueba el espacio de nombres donde el recurso de registro de kibana es creado y, debido a eso, es posible reemplazar el enlace de la consola de registro de openshift original (consola de kibana) por uno diferente, creado en base al nuevo CR para el nuevo recurso de kibana. Esto podría conllevar al redireccionamiento de una URL arbitraria o daños en el enlace de la consola de registro de openshift. • https://bugzilla.redhat.com/show_bug.cgi?id=1902698 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2020-25660 – ceph: CEPHX_V2 replay attack protection lost
https://notcve.org/view.php?id=CVE-2020-25660
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all communication except older clients that do not support the msgr2 protocol. The msgr1 protocol is not affected. • https://bugzilla.redhat.com/show_bug.cgi?id=1890354 https://ceph.io/community/v15-2-6-octopus-released https://ceph.io/releases/v14-2-14-nautilus-released https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBC4KZ44QUQENTYZPVHORGL4K2KV5V4F https://security.gentoo.org/glsa/202105-39 https://access.redhat.com/security/cve/CVE-2020-25660 • CWE-294: Authentication Bypass by Capture-replay •
CVE-2020-14336 – openshift: restricted SCC allows pods to craft custom network packets
https://notcve.org/view.php?id=CVE-2020-14336
A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en las Restricciones de Contexto de Seguridad (SCC), que permite a los pods diseñar paquetes de red personalizados. Este fallo permite a un atacante causar un ataque de Denegación de Servicio en un clúster de OpenShift Container Platform si pueden desplegar pods. • https://bugzilla.redhat.com/show_bug.cgi?id=1858981 https://access.redhat.com/security/cve/CVE-2020-14336 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2020-10763 – heketi: gluster-block volume password details available in logs
https://notcve.org/view.php?id=CVE-2020-10763
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords. Se encontró un fallo en la divulgación de información en la forma en que Heketi versiones anteriores a 10.1.0 registra información confidencial. Este fallo permite a un atacante con acceso local al servidor de Heketi leer información potencialmente confidencial, tal y como contraseñas de gluster-block An information-disclosure flaw was found in the way Heketi logs sensitive information. This flaw allows an attacker with local access to the Heketi server, to read potentially sensitive information, such as gluster-block passwords. • https://bugzilla.redhat.com/show_bug.cgi?id=1845387 https://github.com/heketi/heketi/releases/tag/v10.1.0 https://access.redhat.com/security/cve/CVE-2020-10763 • CWE-532: Insertion of Sensitive Information into Log File •