CVE-2023-0229 – openshift/apiserver-library-go: Bypass of SCC seccomp profile restrictions
https://notcve.org/view.php?id=CVE-2023-0229
A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined". By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default"; the flaw allows users to disable seccomp for pods they can create and modify. • https://bugzilla.redhat.com/show_bug.cgi?id=2160349 https://access.redhat.com/security/cve/CVE-2023-0229 • CWE-20: Improper Input Validation •
CVE-2023-0296 – openshift: etcd grpc-proxy vulnerable to The Birthday attack against 64-bit block cipher
https://notcve.org/view.php?id=CVE-2023-0296
The birthday attack against 64-bit block ciphers (CVE-2016-2183) was reported for the health checks port (9979) on the etcd grpc-proxy component. Even though CVE-2016-2183 has been fixed in the etcd components, enabling periodic health checks from the kubelet required opening a new port (9979) on etcd grpc-proxy, so this port might still be considered vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), so the potential impact of this vulnerability is minimal. CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component. • https://bugzilla.redhat.com/show_bug.cgi?id=2161287 https://access.redhat.com/security/cve/CVE-2023-0296 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2022-3259 – OpenShift: Missing HTTP Strict Transport Security
https://notcve.org/view.php?id=CVE-2022-3259
OpenShift 4.9 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. • https://bugzilla.redhat.com/show_bug.cgi?id=2103220 https://access.redhat.com/security/cve/CVE-2022-3259 • CWE-665: Improper Initialization •
CVE-2022-3260
https://notcve.org/view.php?id=CVE-2022-3260
The response header has not enabled X-FRAME-OPTIONS, which helps prevent clickjacking attacks. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. • https://bugzilla.redhat.com/show_bug.cgi?id=2106780 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2022-3262
https://notcve.org/view.php?id=CVE-2022-3262
A flaw was found in OpenShift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability. • https://bugzilla.redhat.com/show_bug.cgi?id=2128858 • CWE-453: Insecure Default Variable Initialization CWE-1188: Initialization of a Resource with an Insecure Default •