CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2403 – openshift: oauth-serving-cert configmap contains cluster certificate private key
https://notcve.org/view.php?id=CVE-2022-2403
A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate. Se ha encontrado un filtrado de credenciales en OpenShift Container Platform. La clave privada del certificado del clúster externo es almacenada de forma incorrecta en el ConfigMaps oauth-serving-cert, y era accesible para cualquier usuario o cuenta de servicio autenticada de OpenShift. • https://access.redhat.com/security/cve/CVE-2022-2403 https://bugzilla.redhat.com/show_bug.cgi?id=2101959 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0068
https://notcve.org/view.php?id=CVE-2014-0068
It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission. Se ha reportado que watchman en openshift node-utils crea /var/run/watchman.pid y /var/log/watchman.ouput con permiso de escritura mundial • https://bugzilla.redhat.com/show_bug.cgi?id=1064100 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2013-4561
https://notcve.org/view.php?id=CVE-2013-4561
In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity. En un nodo de openshift, se presenta un trabajo cron para actualizar los hechos de mcollective que maneja inapropiadamente un archivo temporal. Esto puede conllevar a una pérdida de confidencialidad e integridad • https://bugzilla.redhat.com/show_bug.cgi?id=1029652 https://github.com/openshift/origin-server/commit/f1abe972794e35a4bfba597694ce829990f14d39 • CWE-377: Insecure Temporary File CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.9EPSS: 0%CPEs: 40EXPL: 0CVE-2021-3696 – grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling
https://notcve.org/view.php?id=CVE-2021-3696
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. Puede producirse una escritura fuera de límites de la pila durante el manejo de las tablas Huffman en el lector PNG. • https://bugzilla.redhat.com/show_bug.cgi?id=1991686 https://security.gentoo.org/glsa/202209-12 https://security.netapp.com/advisory/ntap-20220930-0001 https://access.redhat.com/security/cve/CVE-2021-3696 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 39EXPL: 0CVE-2021-3697 – grub2: Crafted JPEG image can lead to buffer underflow write in the heap
https://notcve.org/view.php?id=CVE-2021-3697
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. Una imagen JPEG diseñada puede conllevar que el lector de JPEG desborde su puntero de datos, permitiendo que los datos controlados por el usuario sean escritos en la pila. • https://bugzilla.redhat.com/show_bug.cgi?id=1991687 https://security.gentoo.org/glsa/202209-12 https://security.netapp.com/advisory/ntap-20220930-0001 https://access.redhat.com/security/cve/CVE-2021-3697 • CWE-787: Out-of-bounds Write •