Headline
RHSA-2023:4835: Red Hat Security Advisory: Red Hat OpenShift support for Windows Containers 5.1.2 security update
The components for Red Hat OpenShift support for Windows Containers 5.1.2 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-3676: A vulnerability was found in Kubernetes. This flaw allows a user who can create pods on Windows nodes to escalate to admin privileges on those nodes.
- CVE-2023-3955: A vulnerability was found in Kubernetes. This flaw allows a user who can create pods on Windows nodes to escalate to admin privileges on those nodes.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Quarkus
Integration and Automation
All Products
Issued:
2023-08-29
Updated:
2023-08-29
RHSA-2023:4835 - Security Advisory
- Overview
- Updated Images
Synopsis
Important: Red Hat OpenShift support for Windows Containers 5.1.2 security update
Type/Severity
Security Advisory: Important
Topic
The components for Red Hat OpenShift support for Windows Containers 5.1.2 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.
Security Fix(es):
- kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation (CVE-2023-3676)
- kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation (CVE-2023-3955)
For more details about the security issue(s), including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
Fixes
- BZ - 2227126 - CVE-2023-3676 kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation
- BZ - 2227128 - CVE-2023-3955 kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation
x86_64
openshift4-wincw/windows-machine-config-operator-bundle@sha256:4181beeb40fe7610006bfb4ed4f867db2754ac1c9356f422012db89833cb73ba
openshift4-wincw/windows-machine-config-rhel8-operator@sha256:f843bc7006b479794fa7fedd7361a65c19aaf3b6ca0e3feb67ac9edf41ab446e
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2023-7515-01 - The components for Red Hat OpenShift for Windows Containers 9.0.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a privilege escalation vulnerability.
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy.
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes. Fixes for the vulnerabilities were released on August
Red Hat Security Advisory 2023-4885-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include a privilege escalation vulnerability.
The components for Red Hat OpenShift support for Windows Containers 8.0.2 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3676: A vulnerability was found in Kubernetes. This flaw allows a user who can create pods on Windows nodes to escalate to admin privileges on those nodes. * CVE-2023-...
Red Hat Security Advisory 2023-4835-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2023-4835-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include a privilege escalation vulnerability.
The components for Red Hat OpenShift support for Windows Containers 6.0.2 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3676: A vulnerability was found in Kubernetes. This flaw allows a user who can create pods on Windows nodes to escalate to admin privileges on those nodes. * CVE-2023-...
The components for Red Hat OpenShift support for Windows Containers 6.0.2 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3676: A vulnerability was found in Kubernetes. This flaw allows a user who can create pods on Windows nodes to escalate to admin privileges on those nodes. * CVE-2023-...
The components for Red Hat OpenShift support for Windows Containers 7.1.1 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3676: A vulnerability was found in Kubernetes. This flaw allows a user who can create pods on Windows nodes to escalate to admin privileges on those nodes. * CVE-2023-...
The components for Red Hat OpenShift support for Windows Containers 7.1.1 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3676: A vulnerability was found in Kubernetes. This flaw allows a user who can create pods on Windows nodes to escalate to admin privileges on those nodes. * CVE-2023-...