CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10712 – openshift/cluster-image-registry-operator: secrets disclosed in logs
https://notcve.org/view.php?id=CVE-2020-10712
A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The highest threat from this vulnerability is to data integrity. Se encontró un fallo en OpenShift Container Platform versiones 4.1 y posteriores. Una información confidencial fue encontrada para ser registrada por el operador del registro de imagen permitiendo a un atacante conseguir acceso a esos registros, leer y escribir en el almacenamiento que respalda el registro de imágenes interno. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10712 https://access.redhat.com/security/cve/CVE-2020-10712 https://bugzilla.redhat.com/show_bug.cgi?id=1825161 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.8EPSS: 2%CPEs: 9EXPL: 0CVE-2020-11100 – haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes
https://notcve.org/view.php?id=CVE-2020-11100
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. En la función hpack_dht_insert en el archivo hpack-tbl.c en el decodificador HPACK en HAProxy versiones 1.8 hasta 2.x anteriores a 2.1.4, un atacante remoto puede escribir bytes arbitrarios alrededor de una determinada ubicación en la pila (heap) por medio de una petición HTTP/2 diseñada, causando posiblemente una ejecución de código remoto. A flaw was found in the way HAProxy processed certain HTTP/2 request packets. This flaw allows an attacker to send crafted HTTP/2 request packets, which cause memory corruption, leading to a crash or potential remote arbitrary code execution with the permissions of the user running HAProxy. The haproxy hpack implementation in hpack-tbl.c handles 0-length HTTP headers incorrectly. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00002.html http://packetstormsecurity.com/files/157323/haproxy-hpack-tbl.c-Out-Of-Bounds-Write.html http://www.haproxy.org https://bugzilla.redhat.com/show_bug.cgi?id=1819111 https://bugzilla.suse.com/show_bug.cgi?id=1168023 https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=5dfc5d5cd0d2128d77253ead3acf03a421ab5b88 https://lists.debian.org/debian-security-announce/2020/msg00052.html https://lists.fedoraproject.org/archives/list/packag • CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2020-1706 – openshift/apb-tools: /etc/passwd is given incorrect privileges
https://notcve.org/view.php?id=CVE-2020-1706
It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/apb-tools-container. Se ha encontrado que en openshift-enterprise versión 3.11 y openshift-enterprise versiones 4.1 hasta 4.3 incluyéndola, múltiples contenedores modifican los permisos de /etc/passwd para que sean entonces modificables por otros usuarios diferentes de root. Un atacante con acceso al contenedor en ejecución puede explotar esto para modificar /etc/passwd para agregar un usuario y escalar sus privilegios. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1706 https://access.redhat.com/security/cve/CVE-2020-1706 https://bugzilla.redhat.com/show_bug.cgi?id=1793302 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 1%CPEs: 21EXPL: 1CVE-2020-8945 – CVE-2020-8945 proglottis/gpgme: Use-after-free in GPGME bindings during container image pull
https://notcve.org/view.php?id=CVE-2020-8945
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification. El contenedor Proglottis Go versiones anteriores a 0.1.1 para la biblioteca GPGME, presenta un uso de la memoria previamente liberada, como es demostrado por el uso para las extracciones de imágenes de contenedores para Docker o CRI-O. Esto conlleva a un bloqueo o posible ejecución de código durante una comprobación de la firma GPG. A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. • https://access.redhat.com/errata/RHSA-2020:0679 https://access.redhat.com/errata/RHSA-2020:0689 https://access.redhat.com/errata/RHSA-2020:0697 https://bugzilla.redhat.com/show_bug.cgi?id=1795838 https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1 https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1 https://github.com/proglottis/gpgme/pull/23 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIF • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2020-1708 – openshift/mysql-apb: /etc/passwd is given incorrect privileges
https://notcve.org/view.php?id=CVE-2020-1708
It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/mysql-apb. Se ha encontrado en openshift-enterprise versión 3.11 y en todas las versiones de openshift-enterprise desde 4.1 hasta, 4.3 incluyéndola, que varios contenedores modifican los permisos de /etc/passwd para que otros usuarios diferentes de root puedan modificarlos. Un atacante con acceso al contenedor en ejecución puede explotar esto para modificar /etc/passwd para agregar un usuario y escalar sus privilegios. • https://access.redhat.com/errata/RHSA-2020:0617 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0694 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1708 https://access.redhat.com/security/cve/CVE-2020-1708 https://bugzilla.redhat.com/show_bug.cgi?id=1793299 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •