CVE-2016-3708 – 3: s2i builds implicitly perform docker builds
https://notcve.org/view.php?id=CVE-2016-3708
Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary.
A flaw was found in OpenShift Enterprise when multi-tenant SDN is enabled and a build is run within a namespace that would normally be isolated from pods in other namespaces. If an s2i build is run in such an environment the container being built can access network resources on pods that should not be available to it.
• https://access.redhat.com/errata/RHSA-2016:1094
• https://access.redhat.com/security/cve/CVE-2016-3708
• https://bugzilla.redhat.com/show_bug.cgi?id=1331229
• CWE-284: Improper Access Control
CVE-2016-3738 – origin: pod update allows docker socket access via build-pod
https://notcve.org/view.php?id=CVE-2016-3738
Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.
A vulnerability was found in the STI build process in OpenShift Enterprise. Access to STI builds was not properly restricted, allowing an attacker to use STI builds to access the Docker socket and escalate their privileges.
• https://access.redhat.com/errata/RHSA-2016:1094
• https://access.redhat.com/security/cve/CVE-2016-3738
• https://bugzilla.redhat.com/show_bug.cgi?id=1333461
• CWE-264: Permissions, Privileges, and Access Controls
• CWE-284: Improper Access Control
CVE-2016-3703 – 3: Untrusted content loaded via the API proxy can access web console credentials on the same domain
https://notcve.org/view.php?id=CVE-2016-3703
Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter.
An origin validation vulnerability was found in OpenShift Enterprise. An attacker could potentially access API credentials stored in a web browser's localStorage if anonymous access was granted to a service/proxy or pod/proxy API for a specific pod, and an authorized access_token was provided in the query parameter.
• https://access.redhat.com/errata/RHSA-2016:1094
• https://access.redhat.com/errata/RHSA-2016:1095
• https://access.redhat.com/security/cve/CVE-2016-3703
• https://bugzilla.redhat.com/show_bug.cgi?id=1330233
• CWE-284: Improper Access Control
• CWE-285: Improper Authorization
CVE-2016-3725 – jenkins: Regular users can trigger download of update site metadata (SECURITY-273)
https://notcve.org/view.php?id=CVE-2016-3725
Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).
• http://rhn.redhat.com/errata/RHSA-2016-1773.html
• https://access.redhat.com/errata/RHSA-2016:1206
• https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
• https://www.cloudbees.com/jenkins-security-advisory-2016-05-11
• https://access.redhat.com/security/cve/CVE-2016-3725
• https://bugzilla.redhat.com/show_bug.cgi?id=1335420
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2016-3722 – jenkins: Malicious users with multiple user accounts can prevent other users from logging in (SECURITY-243)
https://notcve.org/view.php?id=CVE-2016-3722
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name."
• http://rhn.redhat.com/errata/RHSA-2016-1773.html
• https://access.redhat.com/errata/RHSA-2016:1206
• https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
• https://www.cloudbees.com/jenkins-security-advisory-2016-05-11
• https://access.redhat.com/security/cve/CVE-2016-3722
• https://bugzilla.redhat.com/show_bug.cgi?id=1335416
• CWE-264: Permissions, Privileges, and Access Controls