RHSA-2022:4947: Red Hat Security Advisory: OpenShift Container Platform 4.6.59 security update
Red Hat OpenShift Container Platform release 4.6.59 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api
- CVE-2022-29036: credentials: Stored XSS vulnerabilities in jenkins plugin
- CVE-2022-29046: subversion: Stored XSS vulnerabilities in Jenkins subversion plugin
Issued: 2022-06-17
Updated: 2022-06-17
RHSA-2022:4947 - Security Advisory
Synopsis
Important: OpenShift Container Platform 4.6.59 security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 4.6.59 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.6.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Description
Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.59. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2022:4948
Security Fix(es):
- credentials: Stored XSS vulnerabilities in jenkins plugin (CVE-2022-29036)
- subversion: Stored XSS vulnerabilities in Jenkins subversion plugin (CVE-2022-29046)
- cri-o: memory exhaustion on the node when access to the kube api (CVE-2022-1708)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html
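As an added example (not part of the advisory, and not Red Hat tooling), the following POSIX shell helpers turn the upgrade advice above into two checks an administrator can run: whether a node's cri-o build is at or above the fixed build cri-o-1.19.7-2.rhaos4.6.git3c20b65.el8 from the package list, and whether a downloaded RPM matches the SHA-256 published in this advisory. The version and hash strings are copied from the advisory's RHEL 8 x86_64 package list; the node names and file paths in the usage comments are placeholders, and the `oc` invocations are the standard OpenShift CLI commands the advisory refers to.

```shell
#!/bin/sh
# Added example, not part of the advisory. Checks a node's cri-o build against
# the fixed build listed in this advisory and verifies a downloaded RPM's
# SHA-256 against the published value. Version and hash strings are copied
# from the advisory's RHEL 8 x86_64 package list; node names and paths are
# placeholders.

FIXED_CRIO_VERSION="1.19.7"
FIXED_CRIO_RELEASE="2.rhaos4.6.git3c20b65.el8"
# SHA-256 of cri-o-1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64.rpm, from the advisory.
EXPECTED_CRIO_X86_64_SHA256="7e0f3d802b949288ae112147af1811251476aa41b000b74604b438388ee3859c"

# Compare two dotted numeric versions; prints -1, 0 or 1.
vercmp() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        if [ -z "$ai" ]; then ai=0; fi
        if [ -z "$bi" ]; then bi=0; fi
        if [ "$ai" -lt "$bi" ]; then printf '%s\n' -1; return 0; fi
        if [ "$ai" -gt "$bi" ]; then printf '%s\n' 1; return 0; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    printf '%s\n' 0
}

# Return 0 when VERSION-RELEASE is at or above the fixed cri-o build, 1 otherwise.
# Accepts the runtime string from `oc get nodes -o wide` ("cri-o://1.19.7-2...")
# or the package NVR from `rpm -q cri-o` ("cri-o-1.19.7-2....x86_64").
crio_is_fixed() {
    vr=${1#cri-o://}
    vr=${vr#cri-o-}
    case $vr in *-*) ;; *) return 1 ;; esac
    ver=${vr%%-*}
    rel=${vr#*-}
    case $(vercmp "$ver" "$FIXED_CRIO_VERSION") in
        1)  return 0 ;;
        -1) return 1 ;;
    esac
    # Same upstream version: the leading integer of the release field decides.
    [ "${rel%%.*}" -ge "${FIXED_CRIO_RELEASE%%.*}" ]
}

# Return 0 when FILE's SHA-256 equals EXPECTED (lower-case hex), 1 otherwise.
sha256_matches() {
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum "$1" | cut -d' ' -f1)
    else
        actual=$(shasum -a 256 "$1" | cut -d' ' -f1)   # macOS fallback
    fi
    [ "$actual" = "$2" ]
}

# List every node whose container runtime is still below the fixed build.
# Needs a logged-in `oc`; uses the standard Node status field.
report_unfixed_nodes() {
    oc get nodes -o jsonpath='{range .items[*]}{.metadata.name} {.status.nodeInfo.containerRuntimeVersion}{"\n"}{end}' |
    while read -r node runtime; do
        crio_is_fixed "$runtime" || printf 'NEEDS UPDATE: %s %s\n' "$node" "$runtime"
    done
}

# Typical use on a live cluster (names are placeholders):
#   oc adm upgrade                 # available 4.6.z updates in the cluster's channel
#   oc get nodes -o wide           # CONTAINER-RUNTIME column: cri-o://<version>-<release>
#   oc debug node/<node> -- chroot /host rpm -q cri-o
#   report_unfixed_nodes
#   sha256_matches ./cri-o-1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64.rpm "$EXPECTED_CRIO_X86_64_SHA256"
```

The comparison deliberately looks only at the upstream version and the leading integer of the release field, which is enough to separate the fixed 1.19.7-2 build from earlier 1.19.x builds; a full RPM version comparison would use `rpmdev-vercmp` on the node.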
Affected Products
- Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.6 for RHEL 7 x86_64
- Red Hat OpenShift Container Platform for Power 4.6 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.6 for RHEL 8 s390x
Fixes
- BZ - 2074847 - CVE-2022-29036 credentials: Stored XSS vulnerabilities in jenkins plugin
- BZ - 2074851 - CVE-2022-29046 subversion: Stored XSS vulnerabilities in Jenkins subversion plugin
- BZ - 2085361 - CVE-2022-1708 cri-o: memory exhaustion on the node when access to the kube api
Red Hat OpenShift Container Platform 4.6 for RHEL 8
SRPM
conmon-2.0.21-3.rhaos4.6.el8.src.rpm
SHA-256: a3ead7749505b31271c38ff31c4d430745103a970bfbebb6b259f30129cf89b2
cri-o-1.19.7-2.rhaos4.6.git3c20b65.el8.src.rpm
SHA-256: 19d68fbd8e06766c2dfff107a7cdb594ea724ee6b68f8677545c5b83507a3540
cri-tools-1.19.0-7.el8.src.rpm
SHA-256: b91da3ce941de484738fff951163623fcc39cbad071f7b649082ce5e930783ec
ignition-2.6.0-9.rhaos4.6.git947598e.el8.src.rpm
SHA-256: b23e6618e63d6a32e75b5ef4598cfb08ea9b1fe4cb50278fd8bc50a30bb7e1fe
jenkins-2-plugins-4.6.1653312933-1.el8.src.rpm
SHA-256: 4a5bcd60cce5d469b3affc9ef746f871bbc4962f183a04fc80bc01b9630b6a9d
openshift-4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.src.rpm
SHA-256: abb8e4c8f330558ca950428a79c4ec91e503688d96e304e438cb94320771fb77
x86_64
conmon-2.0.21-3.rhaos4.6.el8.x86_64.rpm
SHA-256: c673ca66a0ac7763ca0f1bdac5f5dfc039525dad8c1fcd02ae3493b956e48e92
cri-o-1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64.rpm
SHA-256: 7e0f3d802b949288ae112147af1811251476aa41b000b74604b438388ee3859c
cri-o-debuginfo-1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64.rpm
SHA-256: 3185ffca5ad5c614ea40bf7b113bc4ae1ed0f6f7f6b9c7902dcb8c4e9cd08f7f
cri-o-debugsource-1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64.rpm
SHA-256: 133e2d1017c152887136c38268b55f200ca6f06e2ff4ef1e79dd62b30232bff7
cri-tools-1.19.0-7.el8.x86_64.rpm
SHA-256: d1066b2196041712eb4d08b4b7a95dadbce78c430d5694ec5f71af0ed5f1845b
cri-tools-debuginfo-1.19.0-7.el8.x86_64.rpm
SHA-256: 8fe5a740f24082d608d5740d19407e7ab9ec2ac8d4ecdd5e516f91f35dafe9b0
cri-tools-debugsource-1.19.0-7.el8.x86_64.rpm
SHA-256: c364b3c222c65adca8465bf5e72c660c51f1c4e754fe0b7035becca3f3447401
ignition-2.6.0-9.rhaos4.6.git947598e.el8.x86_64.rpm
SHA-256: 56e47668b7b505b702d988e6a6a9bd6226f4e308dd0ff131d69f7cafc732c185
ignition-debuginfo-2.6.0-9.rhaos4.6.git947598e.el8.x86_64.rpm
SHA-256: 1d8935087097732626803f48186cbc124e9777907fa6577aabee204e181d1dd6
ignition-debugsource-2.6.0-9.rhaos4.6.git947598e.el8.x86_64.rpm
SHA-256: 5a475c0afbe51b8c3eabf06c382a38b3eb5686e98714982044afc69be4acd6e3
ignition-validate-2.6.0-9.rhaos4.6.git947598e.el8.x86_64.rpm
SHA-256: dcb1e3332204aaf0b2ddf0797a54795d15d6d49f25388db0071fda4d5c6dda49
ignition-validate-debuginfo-2.6.0-9.rhaos4.6.git947598e.el8.x86_64.rpm
SHA-256: d4f2c2ba4bf07ddecfb6c0bb978ab6c82beb5c41c8ecbaf4135e5a5f48320626
jenkins-2-plugins-4.6.1653312933-1.el8.noarch.rpm
SHA-256: c09748174f9fa7631a22f11d020c854b258c34081a7269cdf91817c864eb1625
openshift-hyperkube-4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.x86_64.rpm
SHA-256: 500c0316851a96ab6a706e9a496fed9271cc8b34d08273c3e36f6cc38d016825
Red Hat OpenShift Container Platform 4.6 for RHEL 7
SRPM
conmon-2.0.21-3.rhaos4.6.el7.src.rpm
SHA-256: 6ff79d7f7b78f1a64247830bc2281bea0f59ec28f5f695a0420477899cbcb647
cri-o-1.19.7-2.rhaos4.6.git3c20b65.el7.src.rpm
SHA-256: f5db0933d981ed0dc1b1a90e17ac098e9e984d575fe6e35ae4e054de1fed5e90
openshift-4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.src.rpm
SHA-256: a2596cb807a46128bf07ba3c4a1a49e5af1a2daffce167d13facb32bd1a7a698
x86_64
conmon-2.0.21-3.rhaos4.6.el7.x86_64.rpm
SHA-256: 910a770b6f7f2966805922aefd972ac05caa4d396fba5a62f16dc26e0bbd1189
cri-o-1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64.rpm
SHA-256: d26d52f2328d9955e760bb3155670e05fb218c9cf2dea04e4429ae5b0ff875e3
cri-o-debuginfo-1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64.rpm
SHA-256: 20486c1bd60d2737fb0da234bcd53a86ce0a71b04e38d22b2f8889207a5b3e0f
openshift-hyperkube-4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.x86_64.rpm
SHA-256: 4a40bfef9d75b9ba1f051c59769b9d1657838a0a5889d751d2ec964b7729c23f
Red Hat OpenShift Container Platform for Power 4.6 for RHEL 8
SRPM
conmon-2.0.21-3.rhaos4.6.el8.src.rpm
SHA-256: a3ead7749505b31271c38ff31c4d430745103a970bfbebb6b259f30129cf89b2
cri-o-1.19.7-2.rhaos4.6.git3c20b65.el8.src.rpm
SHA-256: 19d68fbd8e06766c2dfff107a7cdb594ea724ee6b68f8677545c5b83507a3540
cri-tools-1.19.0-7.el8.src.rpm
SHA-256: b91da3ce941de484738fff951163623fcc39cbad071f7b649082ce5e930783ec
ignition-2.6.0-9.rhaos4.6.git947598e.el8.src.rpm
SHA-256: b23e6618e63d6a32e75b5ef4598cfb08ea9b1fe4cb50278fd8bc50a30bb7e1fe
jenkins-2-plugins-4.6.1653312933-1.el8.src.rpm
SHA-256: 4a5bcd60cce5d469b3affc9ef746f871bbc4962f183a04fc80bc01b9630b6a9d
openshift-4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.src.rpm
SHA-256: abb8e4c8f330558ca950428a79c4ec91e503688d96e304e438cb94320771fb77
ppc64le
conmon-2.0.21-3.rhaos4.6.el8.ppc64le.rpm
SHA-256: d5ec0714a9fdfec96f77584794cee0dd63d01c7c0519a53f9d8256f5c7f858ab
cri-o-1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le.rpm
SHA-256: 1f0946b635cfb46b375fe12c21efd1fa1eff0a94e502ac860384a0739148fe62
cri-o-debuginfo-1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le.rpm
SHA-256: 879d3114404b5153ebe01c06d575d8b4b8db6a723dc9cfea591ae0dc44f605a6
cri-o-debugsource-1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le.rpm
SHA-256: aa42866dec3bb996241d5938318f8d035ca442b850ccdd21e1e4e8ad7cfdbee1
cri-tools-1.19.0-7.el8.ppc64le.rpm
SHA-256: a775ea75b8144a77ad999518c79c4873fb117d24246abb76d0334650c05d819e
cri-tools-debuginfo-1.19.0-7.el8.ppc64le.rpm
SHA-256: 984e83622a6842eb19168169ccbbeca7b98cfb16730b16fd68b87f8ea17b265a
cri-tools-debugsource-1.19.0-7.el8.ppc64le.rpm
SHA-256: c480abeb6d97da4ca8fd0ce6ba75c460a64043f153c45d31f0b1e1baee65f08f
ignition-2.6.0-9.rhaos4.6.git947598e.el8.ppc64le.rpm
SHA-256: ec4c034ef512b06383e3a2c031240a0357c1dc0ccef045c0abd37d424a4c6d07
ignition-debuginfo-2.6.0-9.rhaos4.6.git947598e.el8.ppc64le.rpm
SHA-256: 4b4d9e6df4ef546bbca99e01afb21e4cc0c996657470b643beb6f5b7e5b6c210
ignition-debugsource-2.6.0-9.rhaos4.6.git947598e.el8.ppc64le.rpm
SHA-256: a162b8a995efc056b9eed992449aa4d2d1a48a3566fbb61f3fda638025f860df
ignition-validate-2.6.0-9.rhaos4.6.git947598e.el8.ppc64le.rpm
SHA-256: 0202c90bedd56b5d8512ebd4f9bf38e016d16fe690443b9418825dba85c12a6e
ignition-validate-debuginfo-2.6.0-9.rhaos4.6.git947598e.el8.ppc64le.rpm
SHA-256: 2b57572ac5c5988db011efee226ab31c1d6b4573aa0a9c05608ce0ea730fb867
jenkins-2-plugins-4.6.1653312933-1.el8.noarch.rpm
SHA-256: c09748174f9fa7631a22f11d020c854b258c34081a7269cdf91817c864eb1625
openshift-hyperkube-4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.ppc64le.rpm
SHA-256: e1ae6dec9b22efca5eeb64d2b0d179dfc3fbed711776622bafef3e03e470c05e
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.6 for RHEL 8
SRPM
conmon-2.0.21-3.rhaos4.6.el8.src.rpm
SHA-256: a3ead7749505b31271c38ff31c4d430745103a970bfbebb6b259f30129cf89b2
cri-o-1.19.7-2.rhaos4.6.git3c20b65.el8.src.rpm
SHA-256: 19d68fbd8e06766c2dfff107a7cdb594ea724ee6b68f8677545c5b83507a3540
cri-tools-1.19.0-7.el8.src.rpm
SHA-256: b91da3ce941de484738fff951163623fcc39cbad071f7b649082ce5e930783ec
ignition-2.6.0-9.rhaos4.6.git947598e.el8.src.rpm
SHA-256: b23e6618e63d6a32e75b5ef4598cfb08ea9b1fe4cb50278fd8bc50a30bb7e1fe
jenkins-2-plugins-4.6.1653312933-1.el8.src.rpm
SHA-256: 4a5bcd60cce5d469b3affc9ef746f871bbc4962f183a04fc80bc01b9630b6a9d
openshift-4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.src.rpm
SHA-256: abb8e4c8f330558ca950428a79c4ec91e503688d96e304e438cb94320771fb77
s390x
conmon-2.0.21-3.rhaos4.6.el8.s390x.rpm
SHA-256: 191a90e095e9b76b10743637feba771b50dc9e1e733e0e6cd0bd3e34bd92f4b5
cri-o-1.19.7-2.rhaos4.6.git3c20b65.el8.s390x.rpm
SHA-256: e206086fc956c68cd6a68c0be34f28d5fd4419fa08822371171e1a793c770cbf
cri-o-debuginfo-1.19.7-2.rhaos4.6.git3c20b65.el8.s390x.rpm
SHA-256: e95d0ba627a9b87027c5991f1d3bac9e9191efbe4df276d34103c050d33dc7d3
cri-o-debugsource-1.19.7-2.rhaos4.6.git3c20b65.el8.s390x.rpm
SHA-256: 7466060b8d1f9f858869350f673c6857343d8e7bb57d2ee2c20100b007548ff7
cri-tools-1.19.0-7.el8.s390x.rpm
SHA-256: db9f292b8cb97a900bc1dfbc7e61bf7b129b7d5ebb0b2b7b2e2e491b090742d6
cri-tools-debuginfo-1.19.0-7.el8.s390x.rpm
SHA-256: 6c8650d4d7ca430349bfc6f25075490f06072ec9c8ea894699f7e590314a6b40
cri-tools-debugsource-1.19.0-7.el8.s390x.rpm
SHA-256: c54f7f9bbebf5c07dcf7618458ba5b309ca8ac56ab5628f8abdb7e047771161f
ignition-2.6.0-9.rhaos4.6.git947598e.el8.s390x.rpm
SHA-256: f736633f85c842d01d9cf9bc3db0736d8a90543222aaaa3ed86aaad66255c2ee
ignition-debuginfo-2.6.0-9.rhaos4.6.git947598e.el8.s390x.rpm
SHA-256: 588a08ffa262ec2b8e9fcfaeec5972864b22c2afd8accaf638d6fc97e3abc138
ignition-debugsource-2.6.0-9.rhaos4.6.git947598e.el8.s390x.rpm
SHA-256: b04f60a0bbaaf61286eed748ecbac415d82849b4aa1326c988c4bea55f7c60fb
ignition-validate-2.6.0-9.rhaos4.6.git947598e.el8.s390x.rpm
SHA-256: 37d974c07d9e4fff7e5f1b856efe8783fc74899ae14d38bd024da392c9d5c0eb
ignition-validate-debuginfo-2.6.0-9.rhaos4.6.git947598e.el8.s390x.rpm
SHA-256: 129391ab5706a63452409f88b80c8eed1d33b44cf93cd61d7e7263fd65997a58
jenkins-2-plugins-4.6.1653312933-1.el8.noarch.rpm
SHA-256: c09748174f9fa7631a22f11d020c854b258c34081a7269cdf91817c864eb1625
openshift-hyperkube-4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.s390x.rpm
SHA-256: 963c223b77b8845147d56cc0ab49eb20f6f2a9fdaf59f32325dee1744435b028
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2022-7457-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include information leakage and memory exhaustion vulnerabilities.
An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-...
Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.
Red Hat Security Advisory 2022-5392-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.11 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which resolve security issues and fix several bugs. Issues addressed include a traversal vulnerability.
Red Hat Advanced Cluster Management for Kubernetes 2.3.11 general availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-2022-0536: follow-redirects: Exposure of Sensitive Information via Authorization Header leak * CVE-2022-21803: nconf: Prototype pollution in memory store * CVE-2022-23806: golang: crypto/elliptic IsOnCurv...
Red Hat OpenShift Container Platform release 3.11.715 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api
Red Hat Security Advisory 2022-4947-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.59. Issues addressed include cross site scripting and memory exhaustion vulnerabilities.
Red Hat Security Advisory 2022-4951-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.43. Issues addressed include a memory exhaustion vulnerability.
Red Hat Security Advisory 2022-4965-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.53. There are no images for this advisory. Issues addressed include a memory exhaustion vulnerability.
Red Hat Security Advisory 2022-4943-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.18. Issues addressed include a memory exhaustion vulnerability.
Red Hat Security Advisory 2022-4972-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.38. Issues addressed include a memory exhaustion vulnerability.
Red Hat OpenShift Container Platform release 4.8.43 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api
Red Hat OpenShift Container Platform release 4.7.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api
Red Hat OpenShift Container Platform release 4.9.38 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api
Red Hat OpenShift Container Platform release 4.10.18 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api
Red Hat Security Advisory 2022-4909-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.52. Issues addressed include a cross site scripting vulnerability.
Red Hat OpenShift Container Platform release 4.7.52 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29036: credentials: Stored XSS vulnerabilities in jenkins plugin * CVE-2022-29046: subversion: Stored XSS vulnerabilities in Jenkins subversion plugin * CVE-2022-29047: Pipeline Shared Groov...
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability.
### Description An ExecSync request runs a command in a container and returns the output to the Kubelet. It is used for readiness and liveness probes within a pod. The way CRI-O runs ExecSync commands is through conmon. CRI-O asks conmon to start the process, and conmon writes the output to disk. CRI-O then reads the output and returns it to the Kubelet. If the output of the command is large enough, it is possible to exhaust the memory (or disk usage) of the node. The following deployment is an example yaml file that will output around 8GB of ‘A’ characters, which would be written to disk by conmon and read by CRI-O. ```yaml apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deployment100 spec: selector: matchLabels: app: nginx replicas: 2 template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx:1.14.2 lifecycle: postStart: exec: command: ["/bin/s...
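The two passages above describe the mechanism of CVE-2022-1708: the runtime stores the whole output of an ExecSync command on disk and then reads the entire file back, so an unbounded probe output translates into unbounded disk and memory use on the node. As an added example that is not CRI-O's code and not part of the advisory, the shell helper below shows the defensive pattern behind such a fix: cap the bytes captured from a command, stop the producer once the cap is reached, and report the truncation instead of silently storing everything. The 1 MiB limit, the temporary file handling and the sample producer are constructed for the example.

```shell
#!/bin/sh
# Added example, not CRI-O's code and not part of the advisory. Illustrates
# bounded capture of a command's output, the defensive pattern against the
# unbounded ExecSync output read described for CVE-2022-1708. The limit,
# file handling and sample producer are constructed for this example.

# capture_bounded LIMIT OUT CMD...: run CMD and keep at most LIMIT bytes of
# its stdout in OUT. Returns 0 if the output fit, 2 if it was truncated.
# One extra byte is read so that "exactly LIMIT" and "more than LIMIT" can be
# told apart; once head stops reading, a runaway producer is stopped by
# SIGPIPE/EPIPE rather than being allowed to fill the disk.
capture_bounded() {
    limit=$1; out=$2; shift 2
    "$@" 2>/dev/null | head -c "$((limit + 1))" > "$out"
    size=$(wc -c < "$out" | tr -d ' ')
    if [ "$size" -gt "$limit" ]; then
        # Trim the probe byte so OUT never exceeds the cap.
        head -c "$limit" "$out" > "$out.tmp" && mv "$out.tmp" "$out"
        return 2
    fi
    return 0
}

# Size in bytes of a captured output file, for logging and assertions.
captured_size() { wc -c < "$1" | tr -d ' '; }

# Demo: a producer that emits 8 MiB of 'A' (a scaled-down version of the
# postStart hook described above) captured under a 1 MiB cap.
demo() {
    out=$(mktemp)
    if capture_bounded 1048576 "$out" sh -c 'head -c 8388608 /dev/zero | tr "\0" A'; then
        echo "output fit: $(captured_size "$out") bytes"
    else
        echo "TRUNCATED at $(captured_size "$out") bytes: probe output exceeded the cap"
    fi
    rm -f "$out"
}
```

A truncation return is itself a useful detection signal: a readiness or liveness probe whose output hits the cap is either misconfigured or being abused, and is worth surfacing in node logs rather than swallowed.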
Red Hat Security Advisory 2022-2281-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 3.11.705.
Red Hat Security Advisory 2022-2280-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.705. Issues addressed include cross site scripting and denial of service vulnerabilities.
Red Hat OpenShift Container Platform release 3.11.705 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1677: openshift/router: route hijacking attack via crafted HAProxy configuration file
Red Hat OpenShift Container Platform release 3.11.705 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-29036: credentials: Stored XSS vulnerabilities in jenkins plugin * CVE-2022-29046: subversion:...
Red Hat Security Advisory 2022-2205-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.33. Issues addressed include a cross site scripting vulnerability.
Red Hat OpenShift Container Platform release 4.9.33 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29036: credentials: Stored XSS vulnerabilities in jenkins plugin * CVE-2022-29041: Jira: Stored XSS vulnerabilities in Jenkins Jira plugin * CVE-2022-29046: subversion: Stored XSS vulnerabil...
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL.
Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.