CVE-2019-3884 – atomic-openshift: cross-namespace owner references can trigger deletions of valid children
https://notcve.org/view.php?id=CVE-2019-3884
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected. Se presenta una vulnerabilidad en el mecanismo garbage collection de atomic-openshift. Un atacante capaz de suplantar el UUID de un objeto válido de otro espacio de nombres es capaz de eliminar elementos secundarios de esos objetos. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3884 https://access.redhat.com/security/cve/CVE-2019-3884 https://bugzilla.redhat.com/show_bug.cgi?id=1693905 • CWE-287: Improper Authentication CWE-290: Authentication Bypass by Spoofing •
CVE-2018-1002105 – Kubernetes - (Unauthenticated) Arbitrary Requests
https://notcve.org/view.php?id=CVE-2018-1002105
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection. En todas las versiones de Kubernetes anteriores a la v1.10.11, v1.11.5 y la v1.12.3, el manejo incorrecto de las respuestas de error a las peticiones de actualización en el proxy en kube-apiserver permitían que las peticiones especialmente manipuladas estableciesen una conexión mediante el servidor de la API de Kubernetes a los servidores del backend y enviasen peticiones arbitrarias en la misma conexión directamente al backend, autenticadas con las credenciales TLS del servidor de la API de Kubernetes empleadas para establecer la conexión con el backend. A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. • https://www.exploit-db.com/exploits/46052 https://www.exploit-db.com/exploits/46053 https://github.com/sh-ubh/CVE-2018-1002105 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/07/06/3 http://www.openwall.com/lists/oss-security/2019/07/06/4 http://www.securityfocus.com/bid/106068 https://access.redhat.com/errata/RHSA-2018:3537 h • CWE-305: Authentication Bypass by Primary Weakness CWE-388: 7PK - Errors •
CVE-2018-10885
https://notcve.org/view.php?id=CVE-2018-10885
In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster. En atomic-openshift en versiones anteriores a la 3.10.9 una configuración network-policy maliciosa puede provocar que Openshift Routing se cierre inesperadamente al emplear el plugin ovs-networkpolicy. Un atacante puede emplear este error para provocar un ataque de denegación de servicio (DoS) en un cluster de Openshift 3.9 o 3.7. • http://www.securityfocus.com/bid/104688 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10885 • CWE-20: Improper Input Validation •
CVE-2018-1102 – source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go
https://notcve.org/view.php?id=CVE-2018-1102
A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation. Se ha encontrado un error en la función source-to-image tal y como se distribuye con Openshift Enterprise 3.x. Una validación incorrecta de archivos tar en ExtractTarStreamFromTarReader en tar/tar.go conduce a un escalado de privilegios. • https://access.redhat.com/errata/RHSA-2018:1227 https://access.redhat.com/errata/RHSA-2018:1229 https://access.redhat.com/errata/RHSA-2018:1231 https://access.redhat.com/errata/RHSA-2018:1233 https://access.redhat.com/errata/RHSA-2018:1235 https://access.redhat.com/errata/RHSA-2018:1237 https://access.redhat.com/errata/RHSA-2018:1239 https://access.redhat.com/errata/RHSA-2018:1241 https://access.redhat.com/errata/RHSA-2018:1243 https://access.redhat.com/errata/RHSA • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2017-7534
https://notcve.org/view.php?id=CVE-2017-7534
OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod. Las versiones 3.x de OpenShift Enterprise son vulnerables a Cross-Site Scripting (XSS) persistente mediante el visor de logs para pods. El error se debe a la falta de saneamiento de entradas de usuario, específicamente los caracteres de escape de terminal, y la creación de enlaces sobre los que se puede hacer clic automáticamente al ver los archivos log para un pod. • http://www.securityfocus.com/bid/103754 https://bugzilla.redhat.com/show_bug.cgi?id=1443003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •