CVE-2020-1708 – openshift/mysql-apb: /etc/passwd is given incorrect privileges
https://notcve.org/view.php?id=CVE-2020-1708
It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/mysql-apb. Se ha encontrado en openshift-enterprise versión 3.11 y en todas las versiones de openshift-enterprise desde 4.1 hasta, 4.3 incluyéndola, que varios contenedores modifican los permisos de /etc/passwd para que otros usuarios diferentes de root puedan modificarlos. Un atacante con acceso al contenedor en ejecución puede explotar esto para modificar /etc/passwd para agregar un usuario y escalar sus privilegios. • https://access.redhat.com/errata/RHSA-2020:0617 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0694 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1708 https://access.redhat.com/security/cve/CVE-2020-1708 https://bugzilla.redhat.com/show_bug.cgi?id=1793299 https://access.redhat.com/articles/4859371 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVE-2019-13734 – sqlite: fts3: improve shadow table corruption detection
https://notcve.org/view.php?id=CVE-2019-13734
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una escritura fuera de limites en SQLite en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html https://access.redhat.com/errata/RHSA-2019:4238 https://access.redhat.com/errata/RHSA-2020:0227 https://access.redhat.com/errata/RHSA-2020:0229 https://access.redhat.com/errata/RHSA-2020:0273 https://access.redhat.com/errata/RHSA-2020:0451 https://access.redhat.com/errata/RHSA-2020:0463 https://access.redhat.com/errata/RHSA-2020:0 • CWE-787: Out-of-bounds Write •
CVE-2019-11255 – Kubernetes CSI volume snapshot, cloning and resizing features can result in unauthorized volume data access or mutation
https://notcve.org/view.php?id=CVE-2019-11255
Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations. Una comprobación de entrada inapropiada en contenedores sidecar de Kubernetes CSI para external-provisioner (versiones anteriores a v0.4.3, versiones anteriores a v1.0.2, v1.1, versiones anteriores a v1.2.2, versiones anteriores a v1.3.1), external-snapshotter (versiones anteriores a v0.4.2, versiones anteriores a v1. 0.2, v1.1, versiones anteriores a 1.2.2) y external-resizer (versiones v0.1, v0.2), podrían resultar en el acceso no autorizado a los datos PersistentVolume o la mutación del volumen durante una imagen instantánea, una restauración desde una imagen instantánea, la clonación y el cambio de tamaño. • https://access.redhat.com/errata/RHSA-2019:4054 https://access.redhat.com/errata/RHSA-2019:4096 https://access.redhat.com/errata/RHSA-2019:4099 https://access.redhat.com/errata/RHSA-2019:4225 https://github.com/kubernetes/kubernetes/issues/85233 https://groups.google.com/forum/#%21topic/kubernetes-security-announce/aXiYN0q4uIw https://security.netapp.com/advisory/ntap-20200810-0003 https://access.redhat.com/security/cve/CVE-2019-11255 https://bugzilla.redhat.com/show_bug.cgi?id=1 • CWE-20: Improper Input Validation •
CVE-2019-14891 – cri-o: infra container reparented to systemd following OOM Killer killing it's conmon
https://notcve.org/view.php?id=CVE-2019-14891
A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host. Se encontró un fallo en cri-o, como un resultado de que todos los procesos relacionados con pod están colocados en el mismo grupo de memoria. Esto puede resultar en que se eliminen los procesos de administración de contenedores (conmon) si un proceso de carga de trabajo desencadena una condición de falta de memoria (OOM) para el cgroup. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14891 https://access.redhat.com/security/cve/CVE-2019-14891 https://bugzilla.redhat.com/show_bug.cgi?id=1772280 • CWE-460: Improper Cleanup on Thrown Exception CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVE-2019-10223
https://notcve.org/view.php?id=CVE-2019-10223
A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of the default `kubectl` behavior and this new feature can cause the entire secret content to end up in metric labels thus inadvertently exposing the secret content in metrics. This feature has been reverted and released as the v1.7.2 release. • http://www.openwall.com/lists/oss-security/2019/08/15/8 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10223 https://github.com/kubernetes/kube-state-metrics/releases/tag/v1.7.2 https://www.openwall.com/lists/oss-security/2019/08/09/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •