Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:6531: Red Hat Security Advisory: OpenShift Container Platform 4.10.33 packages and security update

Red Hat OpenShift Container Platform release 4.10.33 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-34177: jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#git#java#kubernetes#aws#ibm#rpm

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2022-09-21

Updated:

2022-09-21

RHSA-2022:6531 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: OpenShift Container Platform 4.10.33 packages and security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.10.33 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.10.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.33. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2022:6532

Security Fix(es):

  • jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step

Plugin (CVE-2022-34177)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.

All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

Affected Products

  • Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.10 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.10 aarch64

Fixes

  • BZ - 2103551 - CVE-2022-34177 jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin

Red Hat OpenShift Container Platform 4.10 for RHEL 8

SRPM

cri-o-1.23.3-17.rhaos4.10.git016b1ca.el8.src.rpm

SHA-256: a12ad3322532a8c2bc3f22e299d3c57a505ac81f963a124bcdfc4ee9501da40f

jenkins-2-plugins-4.10.1663147786-1.el8.src.rpm

SHA-256: 01f4ef5e0623d1ed58b4d49822a9f16550e0528b28c8821d40a097b97ff69da0

jenkins-2.346.3.1663151230-1.el8.src.rpm

SHA-256: 76cb30ecd3d3c697411d37f5f88f478c1988c1781d7fbc1752cf4b9f14b4bdd8

openstack-ironic-19.0.1-0.20220907234401.d85d7f8.el8.src.rpm

SHA-256: b86d6f586c5d08fa5849a6affd4a44b6fcc5db37e73fb802eecf130f51b76a52

python-sushy-4.1.2-0.20220913104404.1ae8e49.el8.src.rpm

SHA-256: 8bff7bd74d895d1a26f4cd5650c913c2ad7c8ece3278292354969a15ddafa970

x86_64

cri-o-1.23.3-17.rhaos4.10.git016b1ca.el8.x86_64.rpm

SHA-256: 16d5fd77f697acbfd11555ae8e59e0003787c55be13f653cf46ce91601208ba5

cri-o-debuginfo-1.23.3-17.rhaos4.10.git016b1ca.el8.x86_64.rpm

SHA-256: a1f16ed92fd803ecf907df77b3815d37a1bcc35b51aa45848e570007b54c2b1d

cri-o-debugsource-1.23.3-17.rhaos4.10.git016b1ca.el8.x86_64.rpm

SHA-256: d252e41444184eb2a553bebbc2ffb085b146a20e45a41afc5e0c2d5b833a03c4

jenkins-2-plugins-4.10.1663147786-1.el8.noarch.rpm

SHA-256: 7ca7a8435da08ec5d9ecfc93d60a898d189a1609ea003378056e9e3bf2052038

jenkins-2.346.3.1663151230-1.el8.noarch.rpm

SHA-256: a29288757b64f7049e5e0d2ab3a2491eb9c4c92ac9a99bb350cc6b6cb769c68f

openstack-ironic-api-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm

SHA-256: 3af50aaf5af47ad685dde37072db244374c24a3f8495fe072c207a66e577cef4

openstack-ironic-common-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm

SHA-256: 7401222845a5dfe549e9b0a9bc02458d4b991244f714a83f01175f886b3f15f5

openstack-ironic-conductor-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm

SHA-256: 1ab07ae8c4771e4690dbf06d71324aa852f4df5bb76ec839b54d2d1bd1858f27

python3-ironic-tests-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm

SHA-256: d95c8846db4ed7b32fb784b34365565a7769b022c67bd0c325ec80d389fa3f38

python3-sushy-4.1.2-0.20220913104404.1ae8e49.el8.noarch.rpm

SHA-256: 69c48d146647e1424fd067b66e099d0e261a8cdb3b1af04876f7a6e41de812fa

python3-sushy-tests-4.1.2-0.20220913104404.1ae8e49.el8.noarch.rpm

SHA-256: 9aa8479199553b44496f9e7ab977eef5da4a8d17bd1d3eca2ae24649fa62cc1d

Red Hat OpenShift Container Platform 4.10 for RHEL 7

SRPM

cri-o-1.23.3-17.rhaos4.10.git016b1ca.el7.src.rpm

SHA-256: 7f44a6403ab782224e94655b4a9207d4da7901f41ad7823323b8d6375a80016c

x86_64

cri-o-1.23.3-17.rhaos4.10.git016b1ca.el7.x86_64.rpm

SHA-256: 36fd5c88510ef254ec5b6fc3f2008615c2212211d1d6781ab371411ba98fb498

cri-o-debuginfo-1.23.3-17.rhaos4.10.git016b1ca.el7.x86_64.rpm

SHA-256: bd80561b30424327855c82d978377cf4d8e13f0bf4c4e2a91e52d07288e89b6b

Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8

SRPM

cri-o-1.23.3-17.rhaos4.10.git016b1ca.el8.src.rpm

SHA-256: a12ad3322532a8c2bc3f22e299d3c57a505ac81f963a124bcdfc4ee9501da40f

jenkins-2-plugins-4.10.1663147786-1.el8.src.rpm

SHA-256: 01f4ef5e0623d1ed58b4d49822a9f16550e0528b28c8821d40a097b97ff69da0

jenkins-2.346.3.1663151230-1.el8.src.rpm

SHA-256: 76cb30ecd3d3c697411d37f5f88f478c1988c1781d7fbc1752cf4b9f14b4bdd8

openstack-ironic-19.0.1-0.20220907234401.d85d7f8.el8.src.rpm

SHA-256: b86d6f586c5d08fa5849a6affd4a44b6fcc5db37e73fb802eecf130f51b76a52

python-sushy-4.1.2-0.20220913104404.1ae8e49.el8.src.rpm

SHA-256: 8bff7bd74d895d1a26f4cd5650c913c2ad7c8ece3278292354969a15ddafa970

ppc64le

cri-o-1.23.3-17.rhaos4.10.git016b1ca.el8.ppc64le.rpm

SHA-256: c73d12910f492f552bdc6c0d097a0a9e7999a2aa3c61c69256387f8a4a92fe91

cri-o-debuginfo-1.23.3-17.rhaos4.10.git016b1ca.el8.ppc64le.rpm

SHA-256: f948549270bf6bf58304c93acf9a7d975f380763907a911f1ab5d209bbae9bfd

cri-o-debugsource-1.23.3-17.rhaos4.10.git016b1ca.el8.ppc64le.rpm

SHA-256: 7509d5f2a6de7c27c227ce95f4e66925f876a82c32440f7fffc0f6599d9e4813

jenkins-2-plugins-4.10.1663147786-1.el8.noarch.rpm

SHA-256: 7ca7a8435da08ec5d9ecfc93d60a898d189a1609ea003378056e9e3bf2052038

jenkins-2.346.3.1663151230-1.el8.noarch.rpm

SHA-256: a29288757b64f7049e5e0d2ab3a2491eb9c4c92ac9a99bb350cc6b6cb769c68f

openstack-ironic-api-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm

SHA-256: 3af50aaf5af47ad685dde37072db244374c24a3f8495fe072c207a66e577cef4

openstack-ironic-common-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm

SHA-256: 7401222845a5dfe549e9b0a9bc02458d4b991244f714a83f01175f886b3f15f5

openstack-ironic-conductor-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm

SHA-256: 1ab07ae8c4771e4690dbf06d71324aa852f4df5bb76ec839b54d2d1bd1858f27

python3-ironic-tests-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm

SHA-256: d95c8846db4ed7b32fb784b34365565a7769b022c67bd0c325ec80d389fa3f38

python3-sushy-4.1.2-0.20220913104404.1ae8e49.el8.noarch.rpm

SHA-256: 69c48d146647e1424fd067b66e099d0e261a8cdb3b1af04876f7a6e41de812fa

python3-sushy-tests-4.1.2-0.20220913104404.1ae8e49.el8.noarch.rpm

SHA-256: 9aa8479199553b44496f9e7ab977eef5da4a8d17bd1d3eca2ae24649fa62cc1d

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8

SRPM

cri-o-1.23.3-17.rhaos4.10.git016b1ca.el8.src.rpm

SHA-256: a12ad3322532a8c2bc3f22e299d3c57a505ac81f963a124bcdfc4ee9501da40f

jenkins-2-plugins-4.10.1663147786-1.el8.src.rpm

SHA-256: 01f4ef5e0623d1ed58b4d49822a9f16550e0528b28c8821d40a097b97ff69da0

jenkins-2.346.3.1663151230-1.el8.src.rpm

SHA-256: 76cb30ecd3d3c697411d37f5f88f478c1988c1781d7fbc1752cf4b9f14b4bdd8

openstack-ironic-19.0.1-0.20220907234401.d85d7f8.el8.src.rpm

SHA-256: b86d6f586c5d08fa5849a6affd4a44b6fcc5db37e73fb802eecf130f51b76a52

python-sushy-4.1.2-0.20220913104404.1ae8e49.el8.src.rpm

SHA-256: 8bff7bd74d895d1a26f4cd5650c913c2ad7c8ece3278292354969a15ddafa970

s390x

cri-o-1.23.3-17.rhaos4.10.git016b1ca.el8.s390x.rpm

SHA-256: ed400c2f6270e360c3720fb1b9725ed378d008df7133b678cef72d20bfde8eb6

cri-o-debuginfo-1.23.3-17.rhaos4.10.git016b1ca.el8.s390x.rpm

SHA-256: a640a8b8c1774e9812560c4503fd21d4b4a34d3160eef4824f1ee0d3330d1435

cri-o-debugsource-1.23.3-17.rhaos4.10.git016b1ca.el8.s390x.rpm

SHA-256: 981d9909d6abd11d8b1bc54a2e36b7d80d60da2ed7dfb1affbfeeeccf9b0f119

jenkins-2-plugins-4.10.1663147786-1.el8.noarch.rpm

SHA-256: 7ca7a8435da08ec5d9ecfc93d60a898d189a1609ea003378056e9e3bf2052038

jenkins-2.346.3.1663151230-1.el8.noarch.rpm

SHA-256: a29288757b64f7049e5e0d2ab3a2491eb9c4c92ac9a99bb350cc6b6cb769c68f

openstack-ironic-api-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm

SHA-256: 3af50aaf5af47ad685dde37072db244374c24a3f8495fe072c207a66e577cef4

openstack-ironic-common-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm

SHA-256: 7401222845a5dfe549e9b0a9bc02458d4b991244f714a83f01175f886b3f15f5

openstack-ironic-conductor-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm

SHA-256: 1ab07ae8c4771e4690dbf06d71324aa852f4df5bb76ec839b54d2d1bd1858f27

python3-ironic-tests-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm

SHA-256: d95c8846db4ed7b32fb784b34365565a7769b022c67bd0c325ec80d389fa3f38

python3-sushy-4.1.2-0.20220913104404.1ae8e49.el8.noarch.rpm

SHA-256: 69c48d146647e1424fd067b66e099d0e261a8cdb3b1af04876f7a6e41de812fa

python3-sushy-tests-4.1.2-0.20220913104404.1ae8e49.el8.noarch.rpm

SHA-256: 9aa8479199553b44496f9e7ab977eef5da4a8d17bd1d3eca2ae24649fa62cc1d

Red Hat OpenShift Container Platform for ARM 64 4.10

SRPM

cri-o-1.23.3-17.rhaos4.10.git016b1ca.el8.src.rpm

SHA-256: a12ad3322532a8c2bc3f22e299d3c57a505ac81f963a124bcdfc4ee9501da40f

jenkins-2-plugins-4.10.1663147786-1.el8.src.rpm

SHA-256: 01f4ef5e0623d1ed58b4d49822a9f16550e0528b28c8821d40a097b97ff69da0

jenkins-2.346.3.1663151230-1.el8.src.rpm

SHA-256: 76cb30ecd3d3c697411d37f5f88f478c1988c1781d7fbc1752cf4b9f14b4bdd8

openstack-ironic-19.0.1-0.20220907234401.d85d7f8.el8.src.rpm

SHA-256: b86d6f586c5d08fa5849a6affd4a44b6fcc5db37e73fb802eecf130f51b76a52

python-sushy-4.1.2-0.20220913104404.1ae8e49.el8.src.rpm

SHA-256: 8bff7bd74d895d1a26f4cd5650c913c2ad7c8ece3278292354969a15ddafa970

aarch64

cri-o-1.23.3-17.rhaos4.10.git016b1ca.el8.aarch64.rpm

SHA-256: cda07e0137c92d6d6da4bd126f19907b9dbb1e24a6ff3997af7815f048acdddd

cri-o-debuginfo-1.23.3-17.rhaos4.10.git016b1ca.el8.aarch64.rpm

SHA-256: 3302aa5e85f064a2e732bf8a431b91fe6f7babfb0323492077b9bcca9b3d0dd0

cri-o-debugsource-1.23.3-17.rhaos4.10.git016b1ca.el8.aarch64.rpm

SHA-256: 83de59c4339dd09756a99b7136f77cb02ae141fe16e05904b2b3f0ce6641c130

jenkins-2-plugins-4.10.1663147786-1.el8.noarch.rpm

SHA-256: 7ca7a8435da08ec5d9ecfc93d60a898d189a1609ea003378056e9e3bf2052038

jenkins-2.346.3.1663151230-1.el8.noarch.rpm

SHA-256: a29288757b64f7049e5e0d2ab3a2491eb9c4c92ac9a99bb350cc6b6cb769c68f

openstack-ironic-api-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm

SHA-256: 3af50aaf5af47ad685dde37072db244374c24a3f8495fe072c207a66e577cef4

openstack-ironic-common-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm

SHA-256: 7401222845a5dfe549e9b0a9bc02458d4b991244f714a83f01175f886b3f15f5

openstack-ironic-conductor-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm

SHA-256: 1ab07ae8c4771e4690dbf06d71324aa852f4df5bb76ec839b54d2d1bd1858f27

python3-ironic-tests-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm

SHA-256: d95c8846db4ed7b32fb784b34365565a7769b022c67bd0c325ec80d389fa3f38

python3-sushy-4.1.2-0.20220913104404.1ae8e49.el8.noarch.rpm

SHA-256: 69c48d146647e1424fd067b66e099d0e261a8cdb3b1af04876f7a6e41de812fa

python3-sushy-tests-4.1.2-0.20220913104404.1ae8e49.el8.noarch.rpm

SHA-256: 9aa8479199553b44496f9e7ab977eef5da4a8d17bd1d3eca2ae24649fa62cc1d

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2022-9111-01

Red Hat Security Advisory 2022-9111-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.54. Issues addressed include a code execution vulnerability.

RHSA-2022:9110: Red Hat Security Advisory: OpenShift Container Platform 4.9.54 packages and security update

Red Hat OpenShift Container Platform release 4.9.54 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-34177: jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin

Red Hat Security Advisory 2022-6531-01

Red Hat Security Advisory 2022-6531-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.33.

CVE-2022-34207: Jenkins Security Advisory 2022-06-22

A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL.

CVE-2022-34182: Jenkins Security Advisory 2022-06-22

Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability.

CVE-2022-34204: Jenkins Security Advisory 2022-06-22

A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server.

CVE-2022-34177: Jenkins Security Advisory 2022-06-22

Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.

CVE-2022-34205: Jenkins Security Advisory 2022-06-22

A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL.

CVE-2022-34176: Jenkins Security Advisory 2022-06-22

Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.

CVE-2022-34175: Jenkins Security Advisory 2022-06-22

Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view.

CVE-2022-34200: Jenkins Security Advisory 2022-06-22

A cross-site request forgery (CSRF) vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL.

CVE-2022-34183: Jenkins Security Advisory 2022-06-22

Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.