CVSS: 8.1EPSS: 83%CPEs: 54EXPL: 99CVE-2024-6387 – Openssh: regresshion - race condition in ssh allows rce/dos
https://notcve.org/view.php?id=CVE-2024-6387
01 Jul 2024 — A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. Se encontró una condición de ejecución del controlador de señales en el servidor de OpenSSH (sshd), donde un cliente no se autentica dentro de los segundos de LoginGraceTime (120 de forma predeterminada, 600 en versiones anter... • https://packetstorm.news/files/id/179290 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-364: Signal Handler Race Condition •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-5154 – Cri-o: malicious container can create symlink on host
https://notcve.org/view.php?id=CVE-2024-5154
12 Jun 2024 — A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system. Se encontró un defecto en cri-o. Un contenedor malicioso puede crear un enlace simbólico que apunte a un directorio o archivo arbitrario en el host mediante el directory traversal (“../”). • https://access.redhat.com/errata/RHSA-2024:3676 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5037 – Openshift/telemeter: iss check during jwt authentication can be bypassed
https://notcve.org/view.php?id=CVE-2024-5037
05 Jun 2024 — A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication. Se encontró una falla en Telemeter de OpenShift. Si se cumplen ciertas condiciones, un atacante puede usar un token falsificado para evitar la verificación del problema ("iss") durante la autenticación del token web JSON (JWT). Red Hat OpenShift Container Platform release 4.16.1 is now available with updates to package... • https://access.redhat.com/errata/RHSA-2024:4151 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5042 – Submariner-operator: rbac permissions can allow for the spread of node compromises
https://notcve.org/view.php?id=CVE-2024-5042
17 May 2024 — A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster. Se encontró un fallo en el proyecto Submariner. Debido a permisos innecesarios de control de acceso basados en roles, un atacante privilegiado puede ejecutar un contenedor malicioso en un nodo que puede permitirle robar token... • https://access.redhat.com/security/cve/CVE-2024-5042 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 8.3EPSS: 0%CPEs: 44EXPL: 0CVE-2024-3727 – Containers/image: digest type does not guarantee valid type
https://notcve.org/view.php?id=CVE-2024-3727
09 May 2024 — A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. Se encontró una falla en la librería github.com/containers/image. Esta falla permite a los atacantes activar accesos inesperados al registro autenticado en nombre de un usuario víctima, lo que provoca agotamiento de recursos, path traversal local y otros ataques. Red Hat ... • https://access.redhat.com/errata/RHSA-2024:0045 • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4369 – Cluster-image-registry-operator: exposes a secret via env variable in pod definition on azure
https://notcve.org/view.php?id=CVE-2024-4369
30 Apr 2024 — An information disclosure flaw was found in OpenShift's internal image registry operator. The AZURE_CLIENT_SECRET can be exposed through an environment variable defined in the pod definition, but is limited to Azure environments. An attacker controlling an account that has high enough permissions to obtain pod information from the openshift-image-registry namespace could use this obtained client secret to perform actions as the registry operator's Azure service account. Se encontró una falla de divulgación ... • https://access.redhat.com/errata/RHSA-2024:3881 • CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable •
CVSS: 8.3EPSS: 1%CPEs: 3EXPL: 0CVE-2024-3154 – Cri-o: arbitrary command injection via pod annotation
https://notcve.org/view.php?id=CVE-2024-3154
26 Apr 2024 — A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system. Se encontró una falla en cri-o, donde se puede inyectar una propiedad systemd arbitraria mediante una anotación Pod. Cualquier usuario que pueda crear un pod con una anotación arbitraria puede realizar una acción arbitraria en el sistema host. Red Hat OpenShift Container Platform release 4.13.43 is ... • https://access.redhat.com/errata/RHSA-2024:2669 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-3624 – Mirror-registry: database user and password stored in plain-text
https://notcve.org/view.php?id=CVE-2024-3624
25 Apr 2024 — A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay's database. Se encontró una falla en cómo se almacena la base de datos de Quay en texto plano en el registro espejo en el archivo config.yaml de jinja. Esta falla permite que un actor malintencionado con acceso a este archivo obtenga acceso a la base de datos de Quay. • https://access.redhat.com/security/cve/CVE-2024-3624 • CWE-256: Plaintext Storage of a Password •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-3625 – Mirror-registry: redis password stored in plain-text
https://notcve.org/view.php?id=CVE-2024-3625
25 Apr 2024 — A flaw was found in Quay, where Quay's database is stored in plain text in mirror-registry on Jinja's config.yaml file. This issue leaves the possibility of a malicious actor with access to this file to gain access to Quay's Redis instance. Se encontró una falla en Quay, donde la base de datos de Quay se almacena en texto plano en el registro espejo en el archivo config.yaml de Jinja. Este problema deja la posibilidad de que un actor malicioso con acceso a este archivo obtenga acceso a la instancia de Redis... • https://access.redhat.com/security/cve/CVE-2024-3625 • CWE-256: Plaintext Storage of a Password •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-3623 – Mirror-registry: default database secret key stored in plain-text on initial configuration file
https://notcve.org/view.php?id=CVE-2024-3623
25 Apr 2024 — A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same database secret key. This flaw allows a malicious actor to access sensitive information from Quay's database. Se encontró una falla al usar el registro espejo para instalar Quay. • https://access.redhat.com/security/cve/CVE-2024-3623 • CWE-256: Plaintext Storage of a Password •