CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27833
https://notcve.org/view.php?id=CVE-2020-27833
A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first created pointing within the tarball, this allows further symbolic links to bypass the existing path check. This flaw allows the tarball to create links outside the tarball's parent directory, allowing for executables or configuration files to be overwritten, resulting in arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://access.redhat.com/security/cve/CVE-2020-27833 https://bugzilla.redhat.com/show_bug.cgi?id=1905945 • CWE-20: Improper Input Validation CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14298 – docker: Security regression of CVE-2019-5736 due to inclusion of vulnerable runc
https://notcve.org/view.php?id=CVE-2020-14298
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versions are not affected. La versión de Docker según lo publicado para Red Hat Enterprise Linux 7 Extras por medio del aviso RHBA-2020:0053 incluía una versión incorrecta de runc que no tenía la corrección para CVE-2019-5736, que se corrigió previamente por medio de RHSA-2019:0304. • https://access.redhat.com/errata/RHBA-2020:0427 https://access.redhat.com/security/cve/CVE-2020-14298 https://access.redhat.com/security/vulnerabilities/runcescape https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-5736 https://bugzilla.redhat.com/show_bug.cgi?id=1848239 • CWE-271: Privilege Dropping / Lowering Errors CWE-273: Improper Check for Dropped Privileges •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10712 – openshift/cluster-image-registry-operator: secrets disclosed in logs
https://notcve.org/view.php?id=CVE-2020-10712
A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The highest threat from this vulnerability is to data integrity. Se encontró un fallo en OpenShift Container Platform versiones 4.1 y posteriores. Una información confidencial fue encontrada para ser registrada por el operador del registro de imagen permitiendo a un atacante conseguir acceso a esos registros, leer y escribir en el almacenamiento que respalda el registro de imágenes interno. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10712 https://access.redhat.com/security/cve/CVE-2020-10712 https://bugzilla.redhat.com/show_bug.cgi?id=1825161 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2019-3889 – atomic-openshift: reflected XSS in authentication flow
https://notcve.org/view.php?id=CVE-2019-3889
A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. An attacker could use this flaw to steal authorization data by getting them to click on a malicious link. Se presenta una vulnerabilidad de tipo XSS reflejada en el flujo de autorización de OpenShift Container Platform versiones: openshift-online- versión 3, openshift-enterprise- versiones 3.4 hasta 3.7 y openshift-enterprise- versiones 3.9 hasta 3.11. Un atacante podría utilizar este defecto para robar datos de autorización logrando que hagan clic en un enlace malicioso. A reflected XSS vulnerability exists in the authentication flow of the OpenShift Container Platform. • https://access.redhat.com/errata/RHSA-2019:3722 https://access.redhat.com/errata/RHSA-2019:3770 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3889 https://access.redhat.com/security/cve/CVE-2019-3889 https://bugzilla.redhat.com/show_bug.cgi?id=1693499 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10165 – openshift: OAuth access tokens written in plaintext to API server audit logs
https://notcve.org/view.php?id=CVE-2019-10165
OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources. OpenShift Container Platform anterior a versión 4.1.3, escribe tokens OAuth en texto plano en los registros de auditoría para el servidor de la API Kubernetes y el servidor de la API OpenShift. Un usuario con privilegios suficientes podría recuperar tokens OAuth de estos registros de auditoría y usarlos para acceder a otros recursos. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10165 https://github.com/openshift/cluster-kube-apiserver-operator/pull/499 https://github.com/openshift/cluster-openshift-apiserver-operator/pull/205 https://access.redhat.com/security/cve/CVE-2019-10165 https://bugzilla.redhat.com/show_bug.cgi?id=1719092 • CWE-532: Insertion of Sensitive Information into Log File •