Headline
RHSA-2022:6531: Red Hat Security Advisory: OpenShift Container Platform 4.10.33 packages and security update
Red Hat OpenShift Container Platform release 4.10.33 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-34177: jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-09-21
Updated:
2022-09-21
RHSA-2022:6531 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: OpenShift Container Platform 4.10.33 packages and security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
Red Hat OpenShift Container Platform release 4.10.33 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.10.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Description
Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.33. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2022:6532
Security Fix(es):
- jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step
Plugin (CVE-2022-34177)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.
All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
Affected Products
- Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.10 for RHEL 7 x86_64
- Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
- Red Hat OpenShift Container Platform for ARM 64 4.10 aarch64
Fixes
- BZ - 2103551 - CVE-2022-34177 jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin
Red Hat OpenShift Container Platform 4.10 for RHEL 8
SRPM
cri-o-1.23.3-17.rhaos4.10.git016b1ca.el8.src.rpm
SHA-256: a12ad3322532a8c2bc3f22e299d3c57a505ac81f963a124bcdfc4ee9501da40f
jenkins-2-plugins-4.10.1663147786-1.el8.src.rpm
SHA-256: 01f4ef5e0623d1ed58b4d49822a9f16550e0528b28c8821d40a097b97ff69da0
jenkins-2.346.3.1663151230-1.el8.src.rpm
SHA-256: 76cb30ecd3d3c697411d37f5f88f478c1988c1781d7fbc1752cf4b9f14b4bdd8
openstack-ironic-19.0.1-0.20220907234401.d85d7f8.el8.src.rpm
SHA-256: b86d6f586c5d08fa5849a6affd4a44b6fcc5db37e73fb802eecf130f51b76a52
python-sushy-4.1.2-0.20220913104404.1ae8e49.el8.src.rpm
SHA-256: 8bff7bd74d895d1a26f4cd5650c913c2ad7c8ece3278292354969a15ddafa970
x86_64
cri-o-1.23.3-17.rhaos4.10.git016b1ca.el8.x86_64.rpm
SHA-256: 16d5fd77f697acbfd11555ae8e59e0003787c55be13f653cf46ce91601208ba5
cri-o-debuginfo-1.23.3-17.rhaos4.10.git016b1ca.el8.x86_64.rpm
SHA-256: a1f16ed92fd803ecf907df77b3815d37a1bcc35b51aa45848e570007b54c2b1d
cri-o-debugsource-1.23.3-17.rhaos4.10.git016b1ca.el8.x86_64.rpm
SHA-256: d252e41444184eb2a553bebbc2ffb085b146a20e45a41afc5e0c2d5b833a03c4
jenkins-2-plugins-4.10.1663147786-1.el8.noarch.rpm
SHA-256: 7ca7a8435da08ec5d9ecfc93d60a898d189a1609ea003378056e9e3bf2052038
jenkins-2.346.3.1663151230-1.el8.noarch.rpm
SHA-256: a29288757b64f7049e5e0d2ab3a2491eb9c4c92ac9a99bb350cc6b6cb769c68f
openstack-ironic-api-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm
SHA-256: 3af50aaf5af47ad685dde37072db244374c24a3f8495fe072c207a66e577cef4
openstack-ironic-common-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm
SHA-256: 7401222845a5dfe549e9b0a9bc02458d4b991244f714a83f01175f886b3f15f5
openstack-ironic-conductor-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm
SHA-256: 1ab07ae8c4771e4690dbf06d71324aa852f4df5bb76ec839b54d2d1bd1858f27
python3-ironic-tests-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm
SHA-256: d95c8846db4ed7b32fb784b34365565a7769b022c67bd0c325ec80d389fa3f38
python3-sushy-4.1.2-0.20220913104404.1ae8e49.el8.noarch.rpm
SHA-256: 69c48d146647e1424fd067b66e099d0e261a8cdb3b1af04876f7a6e41de812fa
python3-sushy-tests-4.1.2-0.20220913104404.1ae8e49.el8.noarch.rpm
SHA-256: 9aa8479199553b44496f9e7ab977eef5da4a8d17bd1d3eca2ae24649fa62cc1d
Red Hat OpenShift Container Platform 4.10 for RHEL 7
SRPM
cri-o-1.23.3-17.rhaos4.10.git016b1ca.el7.src.rpm
SHA-256: 7f44a6403ab782224e94655b4a9207d4da7901f41ad7823323b8d6375a80016c
x86_64
cri-o-1.23.3-17.rhaos4.10.git016b1ca.el7.x86_64.rpm
SHA-256: 36fd5c88510ef254ec5b6fc3f2008615c2212211d1d6781ab371411ba98fb498
cri-o-debuginfo-1.23.3-17.rhaos4.10.git016b1ca.el7.x86_64.rpm
SHA-256: bd80561b30424327855c82d978377cf4d8e13f0bf4c4e2a91e52d07288e89b6b
Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8
SRPM
cri-o-1.23.3-17.rhaos4.10.git016b1ca.el8.src.rpm
SHA-256: a12ad3322532a8c2bc3f22e299d3c57a505ac81f963a124bcdfc4ee9501da40f
jenkins-2-plugins-4.10.1663147786-1.el8.src.rpm
SHA-256: 01f4ef5e0623d1ed58b4d49822a9f16550e0528b28c8821d40a097b97ff69da0
jenkins-2.346.3.1663151230-1.el8.src.rpm
SHA-256: 76cb30ecd3d3c697411d37f5f88f478c1988c1781d7fbc1752cf4b9f14b4bdd8
openstack-ironic-19.0.1-0.20220907234401.d85d7f8.el8.src.rpm
SHA-256: b86d6f586c5d08fa5849a6affd4a44b6fcc5db37e73fb802eecf130f51b76a52
python-sushy-4.1.2-0.20220913104404.1ae8e49.el8.src.rpm
SHA-256: 8bff7bd74d895d1a26f4cd5650c913c2ad7c8ece3278292354969a15ddafa970
ppc64le
cri-o-1.23.3-17.rhaos4.10.git016b1ca.el8.ppc64le.rpm
SHA-256: c73d12910f492f552bdc6c0d097a0a9e7999a2aa3c61c69256387f8a4a92fe91
cri-o-debuginfo-1.23.3-17.rhaos4.10.git016b1ca.el8.ppc64le.rpm
SHA-256: f948549270bf6bf58304c93acf9a7d975f380763907a911f1ab5d209bbae9bfd
cri-o-debugsource-1.23.3-17.rhaos4.10.git016b1ca.el8.ppc64le.rpm
SHA-256: 7509d5f2a6de7c27c227ce95f4e66925f876a82c32440f7fffc0f6599d9e4813
jenkins-2-plugins-4.10.1663147786-1.el8.noarch.rpm
SHA-256: 7ca7a8435da08ec5d9ecfc93d60a898d189a1609ea003378056e9e3bf2052038
jenkins-2.346.3.1663151230-1.el8.noarch.rpm
SHA-256: a29288757b64f7049e5e0d2ab3a2491eb9c4c92ac9a99bb350cc6b6cb769c68f
openstack-ironic-api-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm
SHA-256: 3af50aaf5af47ad685dde37072db244374c24a3f8495fe072c207a66e577cef4
openstack-ironic-common-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm
SHA-256: 7401222845a5dfe549e9b0a9bc02458d4b991244f714a83f01175f886b3f15f5
openstack-ironic-conductor-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm
SHA-256: 1ab07ae8c4771e4690dbf06d71324aa852f4df5bb76ec839b54d2d1bd1858f27
python3-ironic-tests-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm
SHA-256: d95c8846db4ed7b32fb784b34365565a7769b022c67bd0c325ec80d389fa3f38
python3-sushy-4.1.2-0.20220913104404.1ae8e49.el8.noarch.rpm
SHA-256: 69c48d146647e1424fd067b66e099d0e261a8cdb3b1af04876f7a6e41de812fa
python3-sushy-tests-4.1.2-0.20220913104404.1ae8e49.el8.noarch.rpm
SHA-256: 9aa8479199553b44496f9e7ab977eef5da4a8d17bd1d3eca2ae24649fa62cc1d
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8
SRPM
cri-o-1.23.3-17.rhaos4.10.git016b1ca.el8.src.rpm
SHA-256: a12ad3322532a8c2bc3f22e299d3c57a505ac81f963a124bcdfc4ee9501da40f
jenkins-2-plugins-4.10.1663147786-1.el8.src.rpm
SHA-256: 01f4ef5e0623d1ed58b4d49822a9f16550e0528b28c8821d40a097b97ff69da0
jenkins-2.346.3.1663151230-1.el8.src.rpm
SHA-256: 76cb30ecd3d3c697411d37f5f88f478c1988c1781d7fbc1752cf4b9f14b4bdd8
openstack-ironic-19.0.1-0.20220907234401.d85d7f8.el8.src.rpm
SHA-256: b86d6f586c5d08fa5849a6affd4a44b6fcc5db37e73fb802eecf130f51b76a52
python-sushy-4.1.2-0.20220913104404.1ae8e49.el8.src.rpm
SHA-256: 8bff7bd74d895d1a26f4cd5650c913c2ad7c8ece3278292354969a15ddafa970
s390x
cri-o-1.23.3-17.rhaos4.10.git016b1ca.el8.s390x.rpm
SHA-256: ed400c2f6270e360c3720fb1b9725ed378d008df7133b678cef72d20bfde8eb6
cri-o-debuginfo-1.23.3-17.rhaos4.10.git016b1ca.el8.s390x.rpm
SHA-256: a640a8b8c1774e9812560c4503fd21d4b4a34d3160eef4824f1ee0d3330d1435
cri-o-debugsource-1.23.3-17.rhaos4.10.git016b1ca.el8.s390x.rpm
SHA-256: 981d9909d6abd11d8b1bc54a2e36b7d80d60da2ed7dfb1affbfeeeccf9b0f119
jenkins-2-plugins-4.10.1663147786-1.el8.noarch.rpm
SHA-256: 7ca7a8435da08ec5d9ecfc93d60a898d189a1609ea003378056e9e3bf2052038
jenkins-2.346.3.1663151230-1.el8.noarch.rpm
SHA-256: a29288757b64f7049e5e0d2ab3a2491eb9c4c92ac9a99bb350cc6b6cb769c68f
openstack-ironic-api-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm
SHA-256: 3af50aaf5af47ad685dde37072db244374c24a3f8495fe072c207a66e577cef4
openstack-ironic-common-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm
SHA-256: 7401222845a5dfe549e9b0a9bc02458d4b991244f714a83f01175f886b3f15f5
openstack-ironic-conductor-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm
SHA-256: 1ab07ae8c4771e4690dbf06d71324aa852f4df5bb76ec839b54d2d1bd1858f27
python3-ironic-tests-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm
SHA-256: d95c8846db4ed7b32fb784b34365565a7769b022c67bd0c325ec80d389fa3f38
python3-sushy-4.1.2-0.20220913104404.1ae8e49.el8.noarch.rpm
SHA-256: 69c48d146647e1424fd067b66e099d0e261a8cdb3b1af04876f7a6e41de812fa
python3-sushy-tests-4.1.2-0.20220913104404.1ae8e49.el8.noarch.rpm
SHA-256: 9aa8479199553b44496f9e7ab977eef5da4a8d17bd1d3eca2ae24649fa62cc1d
Red Hat OpenShift Container Platform for ARM 64 4.10
SRPM
cri-o-1.23.3-17.rhaos4.10.git016b1ca.el8.src.rpm
SHA-256: a12ad3322532a8c2bc3f22e299d3c57a505ac81f963a124bcdfc4ee9501da40f
jenkins-2-plugins-4.10.1663147786-1.el8.src.rpm
SHA-256: 01f4ef5e0623d1ed58b4d49822a9f16550e0528b28c8821d40a097b97ff69da0
jenkins-2.346.3.1663151230-1.el8.src.rpm
SHA-256: 76cb30ecd3d3c697411d37f5f88f478c1988c1781d7fbc1752cf4b9f14b4bdd8
openstack-ironic-19.0.1-0.20220907234401.d85d7f8.el8.src.rpm
SHA-256: b86d6f586c5d08fa5849a6affd4a44b6fcc5db37e73fb802eecf130f51b76a52
python-sushy-4.1.2-0.20220913104404.1ae8e49.el8.src.rpm
SHA-256: 8bff7bd74d895d1a26f4cd5650c913c2ad7c8ece3278292354969a15ddafa970
aarch64
cri-o-1.23.3-17.rhaos4.10.git016b1ca.el8.aarch64.rpm
SHA-256: cda07e0137c92d6d6da4bd126f19907b9dbb1e24a6ff3997af7815f048acdddd
cri-o-debuginfo-1.23.3-17.rhaos4.10.git016b1ca.el8.aarch64.rpm
SHA-256: 3302aa5e85f064a2e732bf8a431b91fe6f7babfb0323492077b9bcca9b3d0dd0
cri-o-debugsource-1.23.3-17.rhaos4.10.git016b1ca.el8.aarch64.rpm
SHA-256: 83de59c4339dd09756a99b7136f77cb02ae141fe16e05904b2b3f0ce6641c130
jenkins-2-plugins-4.10.1663147786-1.el8.noarch.rpm
SHA-256: 7ca7a8435da08ec5d9ecfc93d60a898d189a1609ea003378056e9e3bf2052038
jenkins-2.346.3.1663151230-1.el8.noarch.rpm
SHA-256: a29288757b64f7049e5e0d2ab3a2491eb9c4c92ac9a99bb350cc6b6cb769c68f
openstack-ironic-api-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm
SHA-256: 3af50aaf5af47ad685dde37072db244374c24a3f8495fe072c207a66e577cef4
openstack-ironic-common-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm
SHA-256: 7401222845a5dfe549e9b0a9bc02458d4b991244f714a83f01175f886b3f15f5
openstack-ironic-conductor-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm
SHA-256: 1ab07ae8c4771e4690dbf06d71324aa852f4df5bb76ec839b54d2d1bd1858f27
python3-ironic-tests-19.0.1-0.20220907234401.d85d7f8.el8.noarch.rpm
SHA-256: d95c8846db4ed7b32fb784b34365565a7769b022c67bd0c325ec80d389fa3f38
python3-sushy-4.1.2-0.20220913104404.1ae8e49.el8.noarch.rpm
SHA-256: 69c48d146647e1424fd067b66e099d0e261a8cdb3b1af04876f7a6e41de812fa
python3-sushy-tests-4.1.2-0.20220913104404.1ae8e49.el8.noarch.rpm
SHA-256: 9aa8479199553b44496f9e7ab977eef5da4a8d17bd1d3eca2ae24649fa62cc1d
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2022-9111-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.54. Issues addressed include a code execution vulnerability.
Red Hat OpenShift Container Platform release 4.9.54 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-34177: jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin
Red Hat Security Advisory 2022-6531-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.33.
A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL.
Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability.
A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server.
Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.
A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL.
Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.
Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view.
A cross-site request forgery (CSRF) vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL.
Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.