CVE-2018-1102 – source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go
https://notcve.org/view.php?id=CVE-2018-1102
A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation. Se ha encontrado un error en la función source-to-image tal y como se distribuye con Openshift Enterprise 3.x. Una validación incorrecta de archivos tar en ExtractTarStreamFromTarReader en tar/tar.go conduce a un escalado de privilegios. • https://access.redhat.com/errata/RHSA-2018:1227 https://access.redhat.com/errata/RHSA-2018:1229 https://access.redhat.com/errata/RHSA-2018:1231 https://access.redhat.com/errata/RHSA-2018:1233 https://access.redhat.com/errata/RHSA-2018:1235 https://access.redhat.com/errata/RHSA-2018:1237 https://access.redhat.com/errata/RHSA-2018:1239 https://access.redhat.com/errata/RHSA-2018:1241 https://access.redhat.com/errata/RHSA-2018:1243 https://access.redhat.com/errata/RHSA • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2017-7534
https://notcve.org/view.php?id=CVE-2017-7534
OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod. Las versiones 3.x de OpenShift Enterprise son vulnerables a Cross-Site Scripting (XSS) persistente mediante el visor de logs para pods. El error se debe a la falta de saneamiento de entradas de usuario, específicamente los caracteres de escape de terminal, y la creación de enlaces sobre los que se puede hacer clic automáticamente al ver los archivos log para un pod. • http://www.securityfocus.com/bid/103754 https://bugzilla.redhat.com/show_bug.cgi?id=1443003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-12195 – 3: authentication bypass for elasticsearch with external routes
https://notcve.org/view.php?id=CVE-2017-12195
A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that the Elasticsearch be configured with an external route, and the data accessed is limited to the indices. Se ha encontrado un fallo en todas las versiones de Openshift Enterprise que utilizan el plugin openshift elasticsearch. Un atacante con conocimiento del nombre usado para autenticar y acceder a Elasticsearch puede acceder a él más tarde sin el token, evitando la autenticación. • https://access.redhat.com/errata/RHSA-2017:3188 https://access.redhat.com/errata/RHSA-2017:3389 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12195 https://access.redhat.com/security/cve/CVE-2017-12195 https://bugzilla.redhat.com/show_bug.cgi?id=1501986 • CWE-287: Improper Authentication CWE-295: Improper Certificate Validation •