CVE-2021-20188 – podman: container users permissions are not respected in privileged containers
https://notcve.org/view.php?id=CVE-2021-20188
A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://bugzilla.redhat.com/show_bug.cgi?id=1915734 https://access.redhat.com/security/cve/CVE-2021-20188 • CWE-863: Incorrect Authorization •
CVE-2021-3344 – openshift/builder: privilege escalation during container image builds via mounted secrets
https://notcve.org/view.php?id=CVE-2021-3344
A privilege escalation flaw was found in OpenShift builder. During build time, credentials outside the build context are automatically mounted into the container image under construction. An OpenShift user, able to execute code during build time inside this container can re-use the credentials to overwrite arbitrary container images in internal registries and/or escalate their privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This affects github.com/openshift/builder v0.0.0-20210125201112-7901cb396121 and before. • https://bugzilla.redhat.com/show_bug.cgi?id=1921450 https://access.redhat.com/security/cve/CVE-2021-3344 • CWE-522: Insufficiently Protected Credentials •
CVE-2021-20182 – openshift: builder allows read and write of block devices
https://notcve.org/view.php?id=CVE-2021-20182
A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the underlying node, such as the network and storage devices, to at least escalate their privileges to that of the cluster admin. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo de escalada de privilegios en openshift4/ose-docker-builder. • https://bugzilla.redhat.com/show_bug.cgi?id=1915110 https://access.redhat.com/security/cve/CVE-2021-20182 • CWE-552: Files or Directories Accessible to External Parties •
CVE-2020-27827 – lldp/openvswitch: denial of service via externally triggered memory leak
https://notcve.org/view.php?id=CVE-2020-27827
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo en múltiples versiones de OpenvSwitch. Los paquetes LLDP especialmente diseñados pueden causar que una memoria se pierda cuando se asignan datos para manejar TLV opcionales específicos, potencialmente causando una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=1921438 https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D https://mail.openvswitch.org/pipermail/ovs-dev/2021 • CWE-400: Uncontrolled Resource Consumption •
CVE-2020-27836 – cluster-ingress-operator: changes to loadBalancerSourceRanges overwritten by operator
https://notcve.org/view.php?id=CVE-2020-27836
A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restricted to specified IP ranges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.. Se ha encontrado un fallo en cluster-ingress-operator. Un cambio en la forma en que el servicio de enrutamiento por defecto permite sólo determinados rangos de origen de IP podría permitir a un atacante acceder a recursos que de otro modo estarían restringidos a rangos de IP especificados. • https://access.redhat.com/security/cve/CVE-2020-27836 https://bugzilla.redhat.com/show_bug.cgi?id=1905490 https://bugzilla.redhat.com/show_bug.cgi?id=1906267 https://github.com/openshift/cluster-ingress-operator/pull/507/commits/92c83f281ba5fb6a1d91ecc3beaa4bcf2647a729 • CWE-732: Incorrect Permission Assignment for Critical Resource •