CVE-2020-27833
https://notcve.org/view.php?id=CVE-2020-27833
A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first created pointing within the tarball, this allows further symbolic links to bypass the existing path check. This flaw allows the tarball to create links outside the tarball's parent directory, allowing for executables or configuration files to be overwritten, resulting in arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://access.redhat.com/security/cve/CVE-2020-27833 https://bugzilla.redhat.com/show_bug.cgi?id=1905945 • CWE-20: Improper Input Validation CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2020-10712 – openshift/cluster-image-registry-operator: secrets disclosed in logs
https://notcve.org/view.php?id=CVE-2020-10712
A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The highest threat from this vulnerability is to data integrity. Se encontró un fallo en OpenShift Container Platform versiones 4.1 y posteriores. Una información confidencial fue encontrada para ser registrada por el operador del registro de imagen permitiendo a un atacante conseguir acceso a esos registros, leer y escribir en el almacenamiento que respalda el registro de imágenes interno. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10712 https://access.redhat.com/security/cve/CVE-2020-10712 https://bugzilla.redhat.com/show_bug.cgi?id=1825161 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2019-10165 – openshift: OAuth access tokens written in plaintext to API server audit logs
https://notcve.org/view.php?id=CVE-2019-10165
OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources. OpenShift Container Platform anterior a versión 4.1.3, escribe tokens OAuth en texto plano en los registros de auditoría para el servidor de la API Kubernetes y el servidor de la API OpenShift. Un usuario con privilegios suficientes podría recuperar tokens OAuth de estos registros de auditoría y usarlos para acceder a otros recursos. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10165 https://github.com/openshift/cluster-kube-apiserver-operator/pull/499 https://github.com/openshift/cluster-openshift-apiserver-operator/pull/205 https://access.redhat.com/security/cve/CVE-2019-10165 https://bugzilla.redhat.com/show_bug.cgi?id=1719092 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2018-14632 – atomic-openshift: oc patch with json causes masterapi service crash
https://notcve.org/view.php?id=CVE-2018-14632
An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management. Puede ocurrir una escritura fuera de límites al parchear un objeto Openshift mediante la funcionalidad "oc patch" en OpenShift Container Platform, en versiones anteriores a la 3.7. Un atacante puede emplear este error para provocar un ataque de denegación de servicio (DoS) en el servicio de la API maestra de Openshift que gestiona los clústeres. An out of bounds write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform 3.x. • https://access.redhat.com/errata/RHBA-2018:2652 https://access.redhat.com/errata/RHSA-2018:2654 https://access.redhat.com/errata/RHSA-2018:2709 https://access.redhat.com/errata/RHSA-2018:2906 https://access.redhat.com/errata/RHSA-2018:2908 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14632 https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03#diff-65c563bba473be9d94ce4d033f74810e https://access.redhat.com/security/cve/CVE-2018-14632 https://bugzilla.redhat. • CWE-787: Out-of-bounds Write •
CVE-2018-10843 – source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code
https://notcve.org/view.php?id=CVE-2018-10843
source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user. El componente source-to-image de Openshift Container Platform en versiones anteriores a atomic-openshift 3.7.53 y atomic-openshift 3.9.31 es vulnerable a un escalado de privilegios que permite que el script assemble se ejecute como usuario root en un contenedor no privilegiado. Un atacante puede usar este fallo para abrir conexiones de red y posiblemente otras acciones en el host que normalmente está disponible solo para un usuario root. A privilege escalation flaw was found in the source-to-image component of Openshift Container Platform which allows the assemble script to run as the root user in a non-privileged container. • https://access.redhat.com/errata/RHSA-2018:2013 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843 https://access.redhat.com/security/cve/CVE-2018-10843 https://bugzilla.redhat.com/show_bug.cgi?id=1579096 • CWE-20: Improper Input Validation CWE-732: Incorrect Permission Assignment for Critical Resource •