CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3636 – openshift: Injected service-ca.crt incorrectly contains additional internal CAs
https://notcve.org/view.php?id=CVE-2021-3636
28 Jul 2021 — It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service. Se ... • https://bugzilla.redhat.com/show_bug.cgi?id=1978621 • CWE-287: Improper Authentication CWE-295: Improper Certificate Validation •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35514
https://notcve.org/view.php?id=CVE-2020-35514
02 Jun 2021 — An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0... • https://bugzilla.redhat.com/show_bug.cgi?id=1914714 • CWE-266: Incorrect Privilege Assignment •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-1761
https://notcve.org/view.php?id=CVE-2020-1761
27 May 2021 — A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versions before openshift/console-4. Se encontró un fallo en la consola web de OpenShift, donde el token de acceso es guardado en el almacenamiento local del navegador. Un atacante puede usar este fallo para obtener el token de acceso por med... • https://bugzilla.redhat.com/show_bug.cgi?id=1813788 • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2019-19346 – openshift/mariadb-apb: /etc/passwd is given incorrect privileges
https://notcve.org/view.php?id=CVE-2019-19346
04 Mar 2020 — An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Se detectó una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el contenedor openshift/mariadb-apb, que afecta a las versiones anteriores a las siguientes 4.3.5, 4.2.21, 4.1.37 y 3.11... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2019-19348 – openshift/apb-base: /etc/passwd is given incorrect privileges
https://notcve.org/view.php?id=CVE-2019-19348
04 Mar 2020 — An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Se detectó una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el contenedor openshift/apb-base, que afecta a las versiones anteriores a las siguientes 4.3.5, 4.2.21, 4.1.37 y 3.11.188-4.... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 39%CPEs: 8EXPL: 1CVE-2019-11253 – Kubernetes API Server JSON/YAML parsing vulnerable to resource exhaustion attack
https://notcve.org/view.php?id=CVE-2019-11253
16 Oct 2019 — Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive poli... • https://access.redhat.com/errata/RHSA-2019:3239 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-14819 – openshift-ansible: dockergc service account incorrectly associated with namespace during upgrade
https://notcve.org/view.php?id=CVE-2019-14819
23 Sep 2019 — A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints. Se encontró un fallo durante la actualización de un clúster existente de OpenShift Container Platform versiones 3.x. Usando CRI-O, la cuenta de servicio dockergc es asig... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14819 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management CWE-270: Privilege Context Switching Error •
CVSS: 6.5EPSS: 3%CPEs: 9EXPL: 0CVE-2019-11249 – kubectl cp allows symlink directory traversal
https://notcve.org/view.php?id=CVE-2019-11249
29 Aug 2019 — The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions ... • https://access.redhat.com/errata/RHBA-2019:2794 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0CVE-2019-11247 – Kubernetes kube-apiserver allows access to custom resources via wrong scope
https://notcve.org/view.php?id=CVE-2019-11247
15 Aug 2019 — The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9... • https://access.redhat.com/errata/RHBA-2019:2816 • CWE-20: Improper Input Validation CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 10%CPEs: 55EXPL: 0CVE-2019-9514 – Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service
https://notcve.org/view.php?id=CVE-2019-9514
13 Aug 2019 — Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. Algunas implementaciones de HTTP / 2 son vulnerables a una inundación de reinicio, lo que puede conducir a una denegación de servicio. El atacante abre una... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •