Security
Headlines
HeadlinesLatestCVEs

Headline

Red Hat Security Advisory 2023-1655-01

Red Hat Security Advisory 2023-1655-01 - Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.56. Issues addressed include bypass, cross site scripting, information leakage, insecure permissions, and privilege escalation vulnerabilities.

Packet Storm
#xss#vulnerability#red_hat#apache#redis#git#kubernetes#rce#ssrf#oauth#auth#rpm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: OpenShift Container Platform 4.10.56 security update
Advisory ID: RHSA-2023:1655-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1655
Issue date: 2023-04-12
CVE Names: CVE-2022-3172 CVE-2022-31690 CVE-2022-31692
CVE-2022-42889 CVE-2023-24422 CVE-2023-27898
CVE-2023-27899 CVE-2023-27903 CVE-2023-27904
=====================================================================

  1. Summary:

Red Hat OpenShift Container Platform release 4.10.56 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container
Platform 4.10.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.10 - aarch64, noarch, ppc64le, s390x, x86_64

  1. Description:

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.10.56. See the following advisory for the container images for
this release:

https://access.redhat.com/errata/RHSA-2023:1656

Security Fix(es):

  • apache-commons-text: variable interpolation RCE (CVE-2022-42889)

  • spring-security-oauth2-client: Privilege Escalation in
    spring-security-oauth2-client (CVE-2022-31690)

  • spring-security: Authorization rules can be bypassed via forward or
    include dispatcher types in Spring Security (CVE-2022-31692)

  • jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script
    Security Plugin (CVE-2023-24422)

  • Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)

  • Jenkins: Temporary plugin file created with insecure permissions
    (CVE-2023-27899)

  • kube-apiserver: Aggregated API server can cause clients to be redirected
    (SSRF) (CVE-2022-3172)

  • Jenkins: Temporary file parameter created with insecure permissions
    (CVE-2023-27903)

  • Jenkins: Information disclosure through error stack traces related to
    agents (CVE-2023-27904)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

  1. Solution:

For OpenShift Container Platform 4.10 see the following documentation,
which will be updated shortly for this release, for important instructions
on how to upgrade your cluster and fully apply this asynchronous errata
update:

https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

  1. Bugs fixed (https://bugzilla.redhat.com/):

2127804 - CVE-2022-3172 kube-apiserver: Aggregated API server can cause clients to be redirected (SSRF)
2135435 - CVE-2022-42889 apache-commons-text: variable interpolation RCE
2162200 - CVE-2022-31690 spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client
2162206 - CVE-2022-31692 spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security
2164278 - CVE-2023-24422 jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin
2177626 - CVE-2023-27899 Jenkins: Temporary plugin file created with insecure permissions
2177629 - CVE-2023-27898 Jenkins: XSS vulnerability in plugin manager
2177632 - CVE-2023-27903 Jenkins: Temporary file parameter created with insecure permissions
2177634 - CVE-2023-27904 Jenkins: Information disclosure through error stack traces related to agents

  1. Package List:

Red Hat OpenShift Container Platform 4.10:

Source:
cri-o-1.23.5-8.rhaos4.10.gitcc8441d.el7.src.rpm
openshift-4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src.rpm
openshift-clients-4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src.rpm

x86_64:
cri-o-1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64.rpm
cri-o-debuginfo-1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64.rpm
openshift-clients-4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64.rpm
openshift-clients-redistributable-4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64.rpm
openshift-hyperkube-4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64.rpm

Red Hat OpenShift Container Platform 4.10:

Source:
cri-o-1.23.5-8.rhaos4.10.gitcc8441d.el8.src.rpm
haproxy-2.2.19-4.el8.src.rpm
jenkins-2-plugins-4.10.1680703106-1.el8.src.rpm
jenkins-2.387.1.1680701869-1.el8.src.rpm
kernel-4.18.0-305.85.1.el8_4.src.rpm
kernel-rt-4.18.0-305.85.1.rt7.157.el8_4.src.rpm
openshift-4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src.rpm
openshift-clients-4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src.rpm
toolbox-0.0.9-1.rhaos4.10.el8.src.rpm

aarch64:
bpftool-4.18.0-305.85.1.el8_4.aarch64.rpm
bpftool-debuginfo-4.18.0-305.85.1.el8_4.aarch64.rpm
cri-o-1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64.rpm
cri-o-debuginfo-1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64.rpm
cri-o-debugsource-1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64.rpm
haproxy-debugsource-2.2.19-4.el8.aarch64.rpm
haproxy22-2.2.19-4.el8.aarch64.rpm
haproxy22-debuginfo-2.2.19-4.el8.aarch64.rpm
kernel-4.18.0-305.85.1.el8_4.aarch64.rpm
kernel-core-4.18.0-305.85.1.el8_4.aarch64.rpm
kernel-cross-headers-4.18.0-305.85.1.el8_4.aarch64.rpm
kernel-debug-4.18.0-305.85.1.el8_4.aarch64.rpm
kernel-debug-core-4.18.0-305.85.1.el8_4.aarch64.rpm
kernel-debug-debuginfo-4.18.0-305.85.1.el8_4.aarch64.rpm
kernel-debug-devel-4.18.0-305.85.1.el8_4.aarch64.rpm
kernel-debug-modules-4.18.0-305.85.1.el8_4.aarch64.rpm
kernel-debug-modules-extra-4.18.0-305.85.1.el8_4.aarch64.rpm
kernel-debug-modules-internal-4.18.0-305.85.1.el8_4.aarch64.rpm
kernel-debuginfo-4.18.0-305.85.1.el8_4.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-305.85.1.el8_4.aarch64.rpm
kernel-devel-4.18.0-305.85.1.el8_4.aarch64.rpm
kernel-headers-4.18.0-305.85.1.el8_4.aarch64.rpm
kernel-modules-4.18.0-305.85.1.el8_4.aarch64.rpm
kernel-modules-extra-4.18.0-305.85.1.el8_4.aarch64.rpm
kernel-modules-internal-4.18.0-305.85.1.el8_4.aarch64.rpm
kernel-selftests-internal-4.18.0-305.85.1.el8_4.aarch64.rpm
kernel-tools-4.18.0-305.85.1.el8_4.aarch64.rpm
kernel-tools-debuginfo-4.18.0-305.85.1.el8_4.aarch64.rpm
kernel-tools-libs-4.18.0-305.85.1.el8_4.aarch64.rpm
kernel-tools-libs-devel-4.18.0-305.85.1.el8_4.aarch64.rpm
openshift-clients-4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64.rpm
openshift-hyperkube-4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64.rpm
perf-4.18.0-305.85.1.el8_4.aarch64.rpm
perf-debuginfo-4.18.0-305.85.1.el8_4.aarch64.rpm
python3-perf-4.18.0-305.85.1.el8_4.aarch64.rpm
python3-perf-debuginfo-4.18.0-305.85.1.el8_4.aarch64.rpm

noarch:
jenkins-2-plugins-4.10.1680703106-1.el8.noarch.rpm
jenkins-2.387.1.1680701869-1.el8.noarch.rpm
kernel-doc-4.18.0-305.85.1.el8_4.noarch.rpm
toolbox-0.0.9-1.rhaos4.10.el8.noarch.rpm

ppc64le:
bpftool-4.18.0-305.85.1.el8_4.ppc64le.rpm
bpftool-debuginfo-4.18.0-305.85.1.el8_4.ppc64le.rpm
cri-o-1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le.rpm
cri-o-debuginfo-1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le.rpm
cri-o-debugsource-1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le.rpm
haproxy-debugsource-2.2.19-4.el8.ppc64le.rpm
haproxy22-2.2.19-4.el8.ppc64le.rpm
haproxy22-debuginfo-2.2.19-4.el8.ppc64le.rpm
kernel-4.18.0-305.85.1.el8_4.ppc64le.rpm
kernel-core-4.18.0-305.85.1.el8_4.ppc64le.rpm
kernel-cross-headers-4.18.0-305.85.1.el8_4.ppc64le.rpm
kernel-debug-4.18.0-305.85.1.el8_4.ppc64le.rpm
kernel-debug-core-4.18.0-305.85.1.el8_4.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-305.85.1.el8_4.ppc64le.rpm
kernel-debug-devel-4.18.0-305.85.1.el8_4.ppc64le.rpm
kernel-debug-modules-4.18.0-305.85.1.el8_4.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-305.85.1.el8_4.ppc64le.rpm
kernel-debug-modules-internal-4.18.0-305.85.1.el8_4.ppc64le.rpm
kernel-debuginfo-4.18.0-305.85.1.el8_4.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-305.85.1.el8_4.ppc64le.rpm
kernel-devel-4.18.0-305.85.1.el8_4.ppc64le.rpm
kernel-headers-4.18.0-305.85.1.el8_4.ppc64le.rpm
kernel-ipaclones-internal-4.18.0-305.85.1.el8_4.ppc64le.rpm
kernel-modules-4.18.0-305.85.1.el8_4.ppc64le.rpm
kernel-modules-extra-4.18.0-305.85.1.el8_4.ppc64le.rpm
kernel-modules-internal-4.18.0-305.85.1.el8_4.ppc64le.rpm
kernel-selftests-internal-4.18.0-305.85.1.el8_4.ppc64le.rpm
kernel-tools-4.18.0-305.85.1.el8_4.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-305.85.1.el8_4.ppc64le.rpm
kernel-tools-libs-4.18.0-305.85.1.el8_4.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-305.85.1.el8_4.ppc64le.rpm
openshift-clients-4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le.rpm
openshift-hyperkube-4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le.rpm
perf-4.18.0-305.85.1.el8_4.ppc64le.rpm
perf-debuginfo-4.18.0-305.85.1.el8_4.ppc64le.rpm
python3-perf-4.18.0-305.85.1.el8_4.ppc64le.rpm
python3-perf-debuginfo-4.18.0-305.85.1.el8_4.ppc64le.rpm

s390x:
bpftool-4.18.0-305.85.1.el8_4.s390x.rpm
bpftool-debuginfo-4.18.0-305.85.1.el8_4.s390x.rpm
cri-o-1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x.rpm
cri-o-debuginfo-1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x.rpm
cri-o-debugsource-1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x.rpm
haproxy-debugsource-2.2.19-4.el8.s390x.rpm
haproxy22-2.2.19-4.el8.s390x.rpm
haproxy22-debuginfo-2.2.19-4.el8.s390x.rpm
kernel-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-core-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-cross-headers-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-debug-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-debug-core-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-debug-debuginfo-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-debug-devel-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-debug-modules-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-debug-modules-extra-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-debug-modules-internal-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-debuginfo-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-devel-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-headers-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-modules-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-modules-extra-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-modules-internal-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-selftests-internal-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-tools-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-tools-debuginfo-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-zfcpdump-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-zfcpdump-core-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-zfcpdump-devel-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-zfcpdump-modules-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-305.85.1.el8_4.s390x.rpm
kernel-zfcpdump-modules-internal-4.18.0-305.85.1.el8_4.s390x.rpm
openshift-clients-4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x.rpm
openshift-hyperkube-4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x.rpm
perf-4.18.0-305.85.1.el8_4.s390x.rpm
perf-debuginfo-4.18.0-305.85.1.el8_4.s390x.rpm
python3-perf-4.18.0-305.85.1.el8_4.s390x.rpm
python3-perf-debuginfo-4.18.0-305.85.1.el8_4.s390x.rpm

x86_64:
bpftool-4.18.0-305.85.1.el8_4.x86_64.rpm
bpftool-debuginfo-4.18.0-305.85.1.el8_4.x86_64.rpm
cri-o-1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64.rpm
cri-o-debuginfo-1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64.rpm
cri-o-debugsource-1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64.rpm
haproxy-debugsource-2.2.19-4.el8.x86_64.rpm
haproxy22-2.2.19-4.el8.x86_64.rpm
haproxy22-debuginfo-2.2.19-4.el8.x86_64.rpm
kernel-4.18.0-305.85.1.el8_4.x86_64.rpm
kernel-core-4.18.0-305.85.1.el8_4.x86_64.rpm
kernel-cross-headers-4.18.0-305.85.1.el8_4.x86_64.rpm
kernel-debug-4.18.0-305.85.1.el8_4.x86_64.rpm
kernel-debug-core-4.18.0-305.85.1.el8_4.x86_64.rpm
kernel-debug-debuginfo-4.18.0-305.85.1.el8_4.x86_64.rpm
kernel-debug-devel-4.18.0-305.85.1.el8_4.x86_64.rpm
kernel-debug-modules-4.18.0-305.85.1.el8_4.x86_64.rpm
kernel-debug-modules-extra-4.18.0-305.85.1.el8_4.x86_64.rpm
kernel-debug-modules-internal-4.18.0-305.85.1.el8_4.x86_64.rpm
kernel-debuginfo-4.18.0-305.85.1.el8_4.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-305.85.1.el8_4.x86_64.rpm
kernel-devel-4.18.0-305.85.1.el8_4.x86_64.rpm
kernel-headers-4.18.0-305.85.1.el8_4.x86_64.rpm
kernel-ipaclones-internal-4.18.0-305.85.1.el8_4.x86_64.rpm
kernel-modules-4.18.0-305.85.1.el8_4.x86_64.rpm
kernel-modules-extra-4.18.0-305.85.1.el8_4.x86_64.rpm
kernel-modules-internal-4.18.0-305.85.1.el8_4.x86_64.rpm
kernel-rt-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm
kernel-rt-core-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm
kernel-rt-debug-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm
kernel-rt-debug-core-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm
kernel-rt-debug-devel-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm
kernel-rt-debug-kvm-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm
kernel-rt-debug-modules-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm
kernel-rt-debug-modules-internal-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm
kernel-rt-debuginfo-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm
kernel-rt-devel-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm
kernel-rt-kvm-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm
kernel-rt-modules-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm
kernel-rt-modules-extra-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm
kernel-rt-modules-internal-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm
kernel-rt-selftests-internal-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm
kernel-selftests-internal-4.18.0-305.85.1.el8_4.x86_64.rpm
kernel-tools-4.18.0-305.85.1.el8_4.x86_64.rpm
kernel-tools-debuginfo-4.18.0-305.85.1.el8_4.x86_64.rpm
kernel-tools-libs-4.18.0-305.85.1.el8_4.x86_64.rpm
kernel-tools-libs-devel-4.18.0-305.85.1.el8_4.x86_64.rpm
openshift-clients-4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64.rpm
openshift-clients-redistributable-4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64.rpm
openshift-hyperkube-4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64.rpm
perf-4.18.0-305.85.1.el8_4.x86_64.rpm
perf-debuginfo-4.18.0-305.85.1.el8_4.x86_64.rpm
python3-perf-4.18.0-305.85.1.el8_4.x86_64.rpm
python3-perf-debuginfo-4.18.0-305.85.1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2022-3172
https://access.redhat.com/security/cve/CVE-2022-31690
https://access.redhat.com/security/cve/CVE-2022-31692
https://access.redhat.com/security/cve/CVE-2022-42889
https://access.redhat.com/security/cve/CVE-2023-24422
https://access.redhat.com/security/cve/CVE-2023-27898
https://access.redhat.com/security/cve/CVE-2023-27899
https://access.redhat.com/security/cve/CVE-2023-27903
https://access.redhat.com/security/cve/CVE-2023-27904
https://access.redhat.com/security/updates/classification/#critical
https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

  1. Contact:

The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZDbdMtzjgjWX9erEAQjYThAAhqisQ9b44x+9/wyDxxvk76uR2NaZPzNo
kabifxq1PnMHASvaD1UwOa9SlMTUSE0WOK0TKSQeLmpPWVSMtbTwg7TQ4ITBCKg3
ci3YZUGUfd8kitT8m+YFabRdjjEvp4zquA7jGHAiyeVNxUqVSCm+3Xu/qnTJBZU+
Lg+ZSHOIGXoAMwrK5tcrjNdWLcXRHwhTx+yTEtI78zT8gOR1SwKeiBeo9PZejwvI
hpzS60Lf2RRvgE1XYpW1QGk27FDEqnKZQwq/xA8VmEFvv5PUn2a/HuzPV6+TE+go
yw3hwZj+NdeVu0tEuPn/nwdybc74LfSN3oQOsJ+IxDHl8wRECe/Ki4db1NlwPCOR
v33fnObzojt8wMSobA63X8smklQTT3h4C5OjG3QH3R7uLv2hUIlrRqBW1+frzMMi
hN7DMt7DCMdSn8a5keKd2apsIHvtzFQLeZDS49fcqkIDEGSmPs/bXHWnRTjlrown
PqJayWgk0LpZcyqxV/K/y4fdCm/+skaY1bX6GLpvMEd29z8LT3R/E3N/HqMHEZO7
DJ/YGc2cxtOBMq5uaLUDIFhcvTUCU46zh+1H8XRlSm4nTFIX0p7tvTCDPVuGvaYv
eAHIdGls6f9obPkOTaLkdN0UCtUDnhT5nSSbL7NH/Tw+rgR/U/idXyuZUt1XrnO8
rcrquYe48D0=
=Ywi7
-----END PGP SIGNATURE-----

RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Related news

Red Hat Security Advisory 2024-0775-03

Red Hat Security Advisory 2024-0775-03 - An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11. Issues addressed include bypass, code execution, cross site scripting, deserialization, information leakage, and insecure permissions vulnerabilities.

Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP!

The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution (RCE). The issue, assigned the CVE identifier CVE-2024-23897, has been described as an arbitrary file read vulnerability through the

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

Red Hat Security Advisory 2023-3954-01

Red Hat Security Advisory 2023-3954-01 - This release of Red Hat Fuse 7.12 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include bypass, code execution, denial of service, information leakage, resource exhaustion, server-side request forgery, and traversal vulnerabilities.

RHSA-2023:3954: Red Hat Security Advisory: Red Hat Fuse 7.12 release and security update

A minor version update (from 7.11 to 7.12) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2012-5783: It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or su...

RHSA-2023:3663: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update

An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2048: A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests. * CVE-2022-22976: A flaw was found in Spring Framework. The encoder does not perform any salt rounds when using the BCrypt class with the maximum wo...

Red Hat Security Advisory 2023-3609-01

Red Hat Security Advisory 2023-3609-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

RHSA-2023:3644: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.0

Red Hat OpenShift Service Mesh Containers for 2.4.0 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

RHSA-2023:3609: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.12.4 security and Bug Fix update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.4 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3172: A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This issue leads to the client performing unexpected actions and forwarding the client's API server credentials to third parties.

CVE-2023-3140: Security Advisories | KNIME

Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server.

Red Hat Security Advisory 2023-3299-01

Red Hat Security Advisory 2023-3299-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, cross site scripting, denial of service, deserialization, improper authorization, and information leakage vulnerabilities.

Red Hat Security Advisory 2023-3296-01

Red Hat Security Advisory 2023-3296-01 - Multicluster Engine for Kubernetes 2.2.4 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

RHSA-2023:3299: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update

An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7692: PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An...

RHSA-2023:3296: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.2.4 security fixes and container updates

Multicluster Engine for Kubernetes 2.2.4 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a host ...

Red Hat Security Advisory 2023-3195-01

Red Hat Security Advisory 2023-3195-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, cross site scripting, information leakage, and insecure permissions vulnerabilities.

Red Hat Security Advisory 2023-3198-01

Red Hat Security Advisory 2023-3198-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, deserialization, information leakage, and insecure permissions vulnerabilities.

RHSA-2023:3195: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update

An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42889: A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execut...

RHSA-2023:3198: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update

An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-26291: A flaw was found in maven. Repositories that are defined in a dependency’s Project Object Model (pom), which may be unknown to users, are used by default resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that r...

Red Hat Security Advisory 2023-2041-01

Red Hat Security Advisory 2023-2041-01 - Migration Toolkit for Applications 6.1.0 Images. Issues addressed include denial of service, privilege escalation, server-side request forgery, and traversal vulnerabilities.

RHSA-2023:2041: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 6.1.0 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3782: A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect ...

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

Red Hat Security Advisory 2023-1656-01

Red Hat Security Advisory 2023-1656-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.56.

Red Hat Security Advisory 2023-1656-01

Red Hat Security Advisory 2023-1656-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.56.

Red Hat Security Advisory 2023-1656-01

Red Hat Security Advisory 2023-1656-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.56.

Red Hat Security Advisory 2023-1656-01

Red Hat Security Advisory 2023-1656-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.56.

Red Hat Security Advisory 2023-1656-01

Red Hat Security Advisory 2023-1656-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.56.

Red Hat Security Advisory 2023-1656-01

Red Hat Security Advisory 2023-1656-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.56.

Red Hat Security Advisory 2023-1656-01

Red Hat Security Advisory 2023-1656-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.56.

RHSA-2023:1655: Red Hat Security Advisory: OpenShift Container Platform 4.10.56 security update

Red Hat OpenShift Container Platform release 4.10.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3172: A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This issue leads to the client performing unexpected acti...

RHSA-2023:1524: Red Hat Security Advisory: OpenShift Container Platform 4.9.59 security update

Red Hat OpenShift Container Platform release 4.9.59 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42889: A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vu...

RHSA-2023:1428: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.8 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path. * CVE-2022-24999: A flaw was found in the express.js npm package. Express.js Express is vulnerable to a d...

Red Hat Security Advisory 2023-1286-01

Red Hat Security Advisory 2023-1286-01 - Migration Toolkit for Runtimes 1.0.2 Images. Issues addressed include denial of service, privilege escalation, and server-side request forgery vulnerabilities.

Red Hat Security Advisory 2023-1285-01

Red Hat Security Advisory 2023-1285-01 - Migration Toolkit for Runtimes 1.0.2 ZIP artifacts. Issues addressed include privilege escalation, server-side request forgery, and traversal vulnerabilities.

RHSA-2023:1286: Red Hat Security Advisory: Migration Toolkit for Runtimes security bug fix and enhancement update

Migration Toolkit for Runtimes 1.0.2 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31690: A flaw was found in the Spring Security framework. Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client (via the browser) to the Authorization Server, an attacker can gain elevated privileges on the system. * CVE-2022-41966: A flaw was found in the xstream package. This flaw allows an atta...

RHSA-2023:1285: Red Hat Security Advisory: Migration Toolkit for Runtimes security bug fix and enhancement update

Migration Toolkit for Runtimes 1.0.2 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3782: A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs...

GHSA-rrgp-c2w8-6vg6: Information disclosure through error stack traces related to agents

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.

GHSA-584m-7r4m-8j6v: Incorrect Authorization in Jenkins Core

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.

CVE-2023-27904: Jenkins Security Advisory 2023-03-08

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.

CVE-2023-27901: Jenkins Security Advisory 2023-03-08

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service.

CVE-2023-27898: Jenkins Security Advisory 2023-03-08

Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.

CVE-2023-27904: Jenkins Security Advisory 2023-03-08

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.

CVE-2023-27901: Jenkins Security Advisory 2023-03-08

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service.

CVE-2023-27899: Jenkins Security Advisory 2023-03-08

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution.

CVE-2023-27903: Jenkins Security Advisory 2023-03-08

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.

CVE-2023-27902: Jenkins Security Advisory 2023-03-08

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.

CVE-2023-27905: Jenkins Security Advisory 2023-03-08

Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting.

CVE-2023-27902: Jenkins Security Advisory 2023-03-08

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.

CVE-2023-27904: Jenkins Security Advisory 2023-03-08

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.

CVE-2023-27898: Jenkins Security Advisory 2023-03-08

Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.

CVE-2023-27905: Jenkins Security Advisory 2023-03-08

Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting.

CVE-2023-27903: Jenkins Security Advisory 2023-03-08

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.

CVE-2023-27903: Jenkins Security Advisory 2023-03-08

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.

CVE-2023-27899: Jenkins Security Advisory 2023-03-08

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution.

CVE-2023-27905: Jenkins Security Advisory 2023-03-08

Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting.

CVE-2023-27902: Jenkins Security Advisory 2023-03-08

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.

CVE-2023-27904: Jenkins Security Advisory 2023-03-08

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.

CVE-2023-27898: Jenkins Security Advisory 2023-03-08

Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.

CVE-2023-27901: Jenkins Security Advisory 2023-03-08

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service.

CVE-2023-27899: Jenkins Security Advisory 2023-03-08

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution.

CVE-2023-27903: Jenkins Security Advisory 2023-03-08

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.

CVE-2023-27901: Jenkins Security Advisory 2023-03-08

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service.

CVE-2023-27898: Jenkins Security Advisory 2023-03-08

Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.

CVE-2023-27905: Jenkins Security Advisory 2023-03-08

Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting.

CVE-2023-27902: Jenkins Security Advisory 2023-03-08

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.

CVE-2023-27899: Jenkins Security Advisory 2023-03-08

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution.

Red Hat Security Advisory 2023-1006-01

Red Hat Security Advisory 2023-1006-01 - This release of Red Hat build of Quarkus 2.7.7 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include code execution, denial of service, deserialization, information leakage, memory leak, and remote SQL injection vulnerabilities.

Jenkins Security Alert: New Security Flaws Could Allow Code Execution Attacks

A pair of severe security vulnerabilities have been disclosed in the Jenkins open source automation server that could lead to code execution on targeted systems. The flaws, tracked as CVE-2023-27898 and CVE-2023-27905, impact the Jenkins server and Update Center, and have been collectively christened CorePlague by cloud security firm Aqua. All versions of Jenkins versions prior to 2.319.2 are

Red Hat Security Advisory 2023-0693-01

Red Hat Security Advisory 2023-0693-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

RHSA-2023:0693: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.7 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.7 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43138: A vulnerability was found in the async package. This flaw allows a malicious user to obtain privileges via the mapValues() method. * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw a...

Red Hat Security Advisory 2023-0469-01

Red Hat Security Advisory 2023-0469-01 - Red Hat Integration Camel Extensions for Quarkus 2.13.2 is now available. Issues addressed include denial of service and memory exhaustion vulnerabilities.

GHSA-76qj-9gwh-pvv3: Sandbox bypass in Jenkins Script Security Plugin

A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

CVE-2023-24440: Jenkins Security Advisory 2023-01-24

Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

CVE-2023-24445: Jenkins Security Advisory 2023-01-24

Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.

CVE-2023-24429: Jenkins Security Advisory 2023-01-24

Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.

CVE-2023-24422: Jenkins Security Advisory 2023-01-24

A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

CVE-2023-24430: Jenkins Security Advisory 2023-01-24

Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVE-2023-24431: Jenkins Security Advisory 2023-01-24

A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CVE-2023-24425: Jenkins Security Advisory 2023-01-24

Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to.

CVE-2023-24435: Jenkins Security Advisory 2023-01-24

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2023-24449: Jenkins Security Advisory 2023-01-24

Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

CVE-2023-24455: Jenkins Security Advisory 2023-01-24

Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

CVE-2023-24450: Jenkins Security Advisory 2023-01-24

Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

RHSA-2023:0469: Red Hat Security Advisory: Red Hat Integration Camel Extensions For Quarkus 2.13.2

Red Hat Integration Camel Extensions for Quarkus 2.13.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40149: jettison: parser crash by stackoverflow * CVE-2022-40150: jettison: memory exhaustion via user-supplied XML or JSON data * CVE-2022-40151: xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks * CVE-2022-40152: woodstox-core: woodstox to...

Red Hat Security Advisory 2022-7399-01

Red Hat Security Advisory 2022-7399-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.0. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-7398-02

Red Hat Security Advisory 2022-7398-02 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.0. Issues addressed include a denial of service vulnerability.

CVE-2023-21850: Oracle Critical Patch Update Advisory - January 2023

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

CVE-2023-21850: Oracle Critical Patch Update Advisory - January 2023

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

RHSA-2022:7399: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-2879: golang: arc...

RHSA-2022:7398: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 packages and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: go-yaml: Denial of Service in go-yaml * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-2995: cri-o: incorrect handlin...

CVE-2022-39166: IBM Security Guardium is affected by the following vulnerabilities [CVE-2022-39166, CVE-2022-34917, CVE-2022-42889]

IBM Security Guardium 11.4 could allow a privileged user to obtain sensitive information inside of an HTTP response. IBM X-Force ID: 235405.

CVE-2022-41296: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data

IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.

CVE-2022-44749: Security Advisories | KNIME

A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being opened by a user, can overwrite arbitrary files that the user has write access to. It's not necessary to execute the workflow, opening the workflow is sufficient. The user will notice that something is wrong because an error is being reported but only after the files have already been written. This can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the user. In all cases the attacker has to know the location of files on the user's system, though.

GHSA-mmmh-wcxm-2wr4: Spring Security authorization rules can be bypassed via forward or include dispatcher types

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true)

GHSA-32vj-v39g-jh23: spring-security-oauth2-client vulnerable to Privilege Escalation

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.

CVE-2022-31690: CVE-2022-31690 | Security

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.

CVE-2022-31692: CVE-2022-31692 | Security

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true)

Exploit Attempts Underway for Apache Commons Text4Shell Vulnerability

The good news: The Apache Commons Text library bug is far less likely to lead to exploitation than last year's Log4j library flaw.

CVE-2022-42889

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolator...

CVE-2019-19034: AssetExplorer ITAM Solution ServicePacks Readme

Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands on the AssetExplorer Server with NT AUTHORITY/SYSTEM privileges.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution