CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19345 – openshift/mediawiki-apb: /etc/passwd is given incorrect privileges
https://notcve.org/view.php?id=CVE-2019-19345
04 Mar 2020 — A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Se detectó una vulnerabilidad en todas las versiones de openshift/mediawiki-apb 4.x.x anteriores a 4.3.0, donde se encontró una vulnerabilidad de modificación no segura en el archivo /etc/p... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19345 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 1CVE-2020-8945 – proglottis/gpgme: Use-after-free in GPGME bindings during container image pull
https://notcve.org/view.php?id=CVE-2020-8945
12 Feb 2020 — The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification. El contenedor Proglottis Go versiones anteriores a 0.1.1 para la biblioteca GPGME, presenta un uso de la memoria previamente liberada, como es demostrado por el uso para las extracciones de imágenes de contenedores para Docker o CRI-O. Esto conlleva a un bloqueo o posible ej... • https://access.redhat.com/errata/RHSA-2020:0679 • CWE-416: Use After Free •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19335 – openshift/installer: kubeconfig and kubeadmin-password are created with word-readable permissions
https://notcve.org/view.php?id=CVE-2019-19335
12 Feb 2020 — During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned word-readable permissions. ose-installer as shipped in Openshift 4.2 is vulnerable. Durante la instalación de un clúster de OpenShift versión 4, la herramienta de línea de comando "openshift-install" crea un directorio "auth", con los... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19335 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.0EPSS: 0%CPEs: 17EXPL: 0CVE-2019-19921 – runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation
https://notcve.org/view.php?id=CVE-2019-19921
12 Feb 2020 — runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.) runc versiones hasta 1.0.0-rc9, posee un Control de Acceso Incorrecto conllevando a una escalada de privilegios, relacionado con el... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html • CWE-41: Improper Resolution of Path Equivalence CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2020-1708 – openshift/mysql-apb: /etc/passwd is given incorrect privileges
https://notcve.org/view.php?id=CVE-2020-1708
07 Feb 2020 — It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/mysql-apb. Se ha encontrado en openshift-enterprise versión 3.11 y en todas las versiones de openshift-ente... • https://access.redhat.com/errata/RHSA-2020:0617 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2019-11255 – Kubernetes CSI volume snapshot, cloning and resizing features can result in unauthorized volume data access or mutation
https://notcve.org/view.php?id=CVE-2019-11255
05 Dec 2019 — Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-14854 – library-go: Secret data written to static pod logs when operator set at Debug level or higher
https://notcve.org/view.php?id=CVE-2019-14854
04 Dec 2019 — OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user. OpenShift Container Platform versión 4, no sanea los datos secretos escritos en registros pod estáticos cuando el nivel de registro en un operador dado es establecido en Debug o superior. Un usuario poco priv... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14854 • CWE-117: Improper Output Neutralization for Logs CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2019-14891 – cri-o: infra container reparented to systemd following OOM Killer killing it's conmon
https://notcve.org/view.php?id=CVE-2019-14891
25 Nov 2019 — A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host. Se encontró un fallo en cri-o, como un resultado de que todos los procesos relacionados con pod están colocados en el mismo grupo de memoria. Esto puede resultar en que se e... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14891 • CWE-460: Improper Cleanup on Thrown Exception CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 1589EXPL: 0CVE-2018-12207 – hw: Machine Check Error on Page Size Change (IFU)
https://notcve.org/view.php?id=CVE-2018-12207
12 Nov 2019 — Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. Una invalidación inapropiada de las actualizaciones de la tabla de páginas por parte de un sistema operativo invitado virtual para múltiples procesadores Intel® puede habilitar a un usuario autenticado para permitir potencialmente una denegación de servicio del sistema host por medio de u... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html • CWE-20: Improper Input Validation CWE-226: Sensitive Information in Resource Not Removed Before Reuse •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10223
https://notcve.org/view.php?id=CVE-2019-10223
05 Nov 2019 — A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of the default `kubectl` behavior and this new feature can cause the entire secret content to end up in metric labels thus inadvertently exposing the secret content in metrics. This feature has been reverted and relea... • http://www.openwall.com/lists/oss-security/2019/08/15/8 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •