CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 2CVE-2020-10696 – buildah: Crafted input tar file may lead to local file overwrite during image build process
https://notcve.org/view.php?id=CVE-2020-10696
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions. Se detectó un fallo de salto de ruta en Buildah en versiones anteriores a 1.14.5. Este fallo permite a un atacante engañar a un usuario para construir una imagen de contenedor maliciosa alojada en un servidor HTTP(s) y luego escribir archivos en el sistema del usuario en cualquier lugar donde el usuario tenga permisos. A path traversal flaw was found in Buildah. • https://access.redhat.com/security/cve/cve-2020-10696 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696 https://github.com/containers/buildah/pull/2245 https://access.redhat.com/security/cve/CVE-2020-10696 https://bugzilla.redhat.com/show_bug.cgi?id=1817651 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 1CVE-2020-1764 – kiali: JWT cookie uses default signing key
https://notcve.org/view.php?id=CVE-2020-1764
A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration. Se detectó una vulnerabilidad de clave criptográfica embebida en el archivo de configuración predeterminado en Kiali, todas las versiones anteriores a 1.15.1. Un atacante remoto podría abusar de este fallo mediante la creación de sus propios tokens firmados JWT y omisión de los mecanismos de autenticación de Kiali, posiblemente obteniendo privilegios para visualizar y alterar la configuración de Istio. A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1764 https://kiali.io/news/security-bulletins/kiali-security-001 https://access.redhat.com/security/cve/CVE-2020-1764 https://bugzilla.redhat.com/show_bug.cgi?id=1810383 • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-1709 – openshift/mediawiki: /etc/passwd is given incorrect privileges
https://notcve.org/view.php?id=CVE-2020-1709
A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Se detectó una vulnerabilidad en todas las versiones de openshift/mediawiki 4.x.x anteriores a 4.3.0, donde se encontró una vulnerabilidad de modificación no segura en el archivo /etc/passwd en openshift/mediawiki. Un atacante con acceso al contenedor podría usar este fallo para modificar /etc/passwd y escalar sus privilegios. An insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1709 https://access.redhat.com/security/cve/CVE-2020-1709 https://bugzilla.redhat.com/show_bug.cgi?id=1793297 https://access.redhat.com/articles/4859371 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0CVE-2019-14887 – wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use
https://notcve.org/view.php?id=CVE-2019-14887
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable. Se detectó un fallo cuando un proveedor de seguridad OpenSSL es usado con Wildfly, el valor de "enabled-protocols" en la configuración de Wildfly no es respetado. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14887 https://issues.redhat.com/browse/JBEAP-17965 https://security.netapp.com/advisory/ntap-20200327-0007 https://access.redhat.com/security/cve/CVE-2019-14887 https://bugzilla.redhat.com/show_bug.cgi?id=1772008 • CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19355 – openshift/ocp-release-operator-sdk: /etc/passwd is given incorrect privileges
https://notcve.org/view.php?id=CVE-2019-19355
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4. Se detectó una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el openshift/ocp-release-operator-sdk. Un atacante con acceso al contenedor podría usar este fallo para modificar el archivo /etc/passwd y escalar sus privilegios. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19355 https://access.redhat.com/security/cve/CVE-2019-19355 https://bugzilla.redhat.com/show_bug.cgi?id=1793277 https://access.redhat.com/articles/4859371 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •