CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3818
https://notcve.org/view.php?id=CVE-2019-3818
The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a weak configuration and potentially break the encryption. El contenedor kube-rbac-proxy, en versiones anteriores a la 0.4.1, tal y como se utiliza en Red Hat OpenShift Container Platform, no cumple con las configuraciones TLS, permitiendo la utilización de cifrados inseguros y TLS 1.0. Un atacante podría provocar que se envíe tráfico a través de una conexión TLS con una configuración débil y romper el cifrado. • http://www.securityfocus.com/bid/106744 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/security/cve/CVE-2019-3818 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3818 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2018-20615 – haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash
https://notcve.org/view.php?id=CVE-2018-20615
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame. Se ha descubierto un problema de lectura fuera de límites en el decodificador del protocolo HTTP/2 en HAProxy, en versiones 1.8.x y 1.9.x hasta la 1.9.0, lo que puede resultar en un cierre inesperado. El procesamiento del flag PRIORITY en un frame HEADERS requiere 5 bytes adicionales y, aunque se omiten estos bytes, la longitud total del frame no se volvió a comprobar para asegurar que estaban presentes en la trama. A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1. • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00018.html http://www.securityfocus.com/bid/106645 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0275 https://usn.ubuntu.com/3858-1 https://www.mail-archive.com/haproxy%40formilux.org/msg32304.html https://access.redhat.com/security/cve/CVE-2018-20615 https://bugzilla.redhat.com/show_bug.cgi?id=1663060 • CWE-125: Out-of-bounds Read •
CVSS: 3.3EPSS: 0%CPEs: 7EXPL: 0CVE-2019-3815 – systemd: memory leak in journald-server.c introduced by fix for CVE-2018-16864
https://notcve.org/view.php?id=CVE-2019-3815
A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2. Se descubrió una fuga de memoria en el "backport" de soluciones para CVE-2018-16864 en Red Hat Enterprise Linux. • http://www.securityfocus.com/bid/106632 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0201 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3815 https://lists.debian.org/debian-lts-announce/2019/03/msg00013.html https://access.redhat.com/security/cve/CVE-2019-3815 https://bugzilla.redhat.com/show_bug.cgi?id=1666690 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2019-1003003
https://notcve.org/view.php?id=CVE-2019-1003003
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g. to persist access to temporarily compromised user accounts. Existe una vulnerabilidad de autorización incorrecta en Jenkins, en la versión 2.158 y anteriores y con el firmware LTS 2.150.1 y anteriores, en ore/src/main/java/hudson/security/TokenBasedRememberMeServices2.java que permite a los atacantes con permisos de "Overall/RunScripts" manipular cookies "Remember Me" que no caducan, permitiendo el acceso persistente a cuentas de usuario comprometidas de manera temporal. • http://www.securityfocus.com/bid/106680 https://access.redhat.com/errata/RHBA-2019:0327 https://jenkins.io/security/advisory/2019-01-16/#SECURITY-868 •
CVSS: 8.8EPSS: 83%CPEs: 2EXPL: 5CVE-2019-1003000 – Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-1003000
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM. Existe una vulnerabilidad de omisión de sandbox en Script Security Plugin versión 1.49 y anteriores, en src/main/java/org/jenkinsc/plugins/scriptsecurity/sandbox/ groovy/GroovySandbox.java que permite a los atacantes la capacidad de proporcionar scripts de tipo Sandbox para ejecutar código arbitrario en el Jenkins master JVM. Jenkins plugins Script Security version 1.49, Declarative version 1.3.4, and Groovy version 2.60 suffer from a code execution vulnerability. • https://www.exploit-db.com/exploits/46572 https://www.exploit-db.com/exploits/46453 https://www.exploit-db.com/exploits/46427 https://github.com/slowmistio/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming https://access.redhat.com/errata/RHBA-2019:0326 https://access.redhat.com/errata/RHBA-2019:0327 ht •