CVE-2019-1002101 – kubectl cp path traversal
https://notcve.org/view.php?id=CVE-2019-1002101
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. • https://github.com/brompwnie/CVE-2019-1002101-Helpers http://www.openwall.com/lists/oss-security/2019/06/21/1 http://www.openwall.com/lists/oss-security/2019/08/05/5 http://www.securityfocus.com/bid/107652 https://access.redhat.com/errata/RHBA-2019:0619 https://access.redhat.com/errata/RHBA-2019:0620 https://access.redhat.com/errata/RHBA-2019:0636 https://access.redhat.com/security/cve/cve-2019-1002101 https://github.com/kubernetes/kubernetes/pull/75037 https:/ • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2019-0542 – xterm.js: Mishandling of special characters allows for remote code execution
https://notcve.org/view.php?id=CVE-2019-0542
A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js. Existe una vulnerabilidad de ejecución remota de código en Xterm.js cuando el componente maneja mal los caracteres especiales, también conocida como "Xterm Remote Code Execution Vulnerability". Esto afecta a xterm.js It was found that xterm.js does not sanitize terminal escape sequences in browser terminals allowing for execution of arbitrary commands. An attacker could exploit this by convincing a user with a xterm.js browser terminal to display an escape sequence by, for example, reading a from a log file containing attacker-controlled input. • http://www.securityfocus.com/bid/106434 https://access.redhat.com/errata/RHBA-2019:0959 https://access.redhat.com/errata/RHSA-2019:1422 https://access.redhat.com/errata/RHSA-2019:2551 https://access.redhat.com/errata/RHSA-2019:2552 https://github.com/xtermjs/xterm.js/releases https://access.redhat.com/security/cve/CVE-2019-0542 https://bugzilla.redhat.com/show_bug.cgi?id=1668531 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2018-1002105 – Kubernetes - (Unauthenticated) Arbitrary Requests
https://notcve.org/view.php?id=CVE-2018-1002105
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection. En todas las versiones de Kubernetes anteriores a la v1.10.11, v1.11.5 y la v1.12.3, el manejo incorrecto de las respuestas de error a las peticiones de actualización en el proxy en kube-apiserver permitían que las peticiones especialmente manipuladas estableciesen una conexión mediante el servidor de la API de Kubernetes a los servidores del backend y enviasen peticiones arbitrarias en la misma conexión directamente al backend, autenticadas con las credenciales TLS del servidor de la API de Kubernetes empleadas para establecer la conexión con el backend. A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. • https://www.exploit-db.com/exploits/46052 https://www.exploit-db.com/exploits/46053 https://github.com/sh-ubh/CVE-2018-1002105 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/07/06/3 http://www.openwall.com/lists/oss-security/2019/07/06/4 http://www.securityfocus.com/bid/106068 https://access.redhat.com/errata/RHSA-2018:3537 h • CWE-305: Authentication Bypass by Primary Weakness CWE-388: 7PK - Errors •
CVE-2018-14645 – haproxy: Out-of-bounds read in HPACK decoder
https://notcve.org/view.php?id=CVE-2018-14645
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service. Se ha descubierto un fallo en el descodificador HPACK de HAProxy en versiones anteriores a la 1.8.14 que se utiliza para HTTP/2. Un acceso de lectura fuera de límites en hpack_vallid_idx() resultó en un cierre inesperado remoto y una denegación de servicio (DoS). A flaw was discovered in the HPACK decoder of haproxy, before 1.8.14, that is used for HTTP/2. • https://access.redhat.com/errata/RHBA-2019:0028 https://access.redhat.com/errata/RHSA-2018:2882 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14645 https://usn.ubuntu.com/3780-1 https://www.mail-archive.com/haproxy%40formilux.org/msg31253.html https://access.redhat.com/security/cve/CVE-2018-14645 https://bugzilla.redhat.com/show_bug.cgi?id=1630048 • CWE-125: Out-of-bounds Read •
CVE-2018-14632 – atomic-openshift: oc patch with json causes masterapi service crash
https://notcve.org/view.php?id=CVE-2018-14632
An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management. Puede ocurrir una escritura fuera de límites al parchear un objeto Openshift mediante la funcionalidad "oc patch" en OpenShift Container Platform, en versiones anteriores a la 3.7. Un atacante puede emplear este error para provocar un ataque de denegación de servicio (DoS) en el servicio de la API maestra de Openshift que gestiona los clústeres. An out of bounds write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform 3.x. • https://access.redhat.com/errata/RHBA-2018:2652 https://access.redhat.com/errata/RHSA-2018:2654 https://access.redhat.com/errata/RHSA-2018:2709 https://access.redhat.com/errata/RHSA-2018:2906 https://access.redhat.com/errata/RHSA-2018:2908 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14632 https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03#diff-65c563bba473be9d94ce4d033f74810e https://access.redhat.com/security/cve/CVE-2018-14632 https://bugzilla.redhat. • CWE-787: Out-of-bounds Write •