RHSA-2023:4862: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.3.1 security updates and bug fixes

Multicluster Engine for Kubernetes 2.3.1 General Availability release images, which contain security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
  • CVE-2023-37466: A flaw was found in the vm2 Promise handler sanitization, which allows attackers to escape the sandbox. This flaw allows attackers to run arbitrary code.
  • CVE-2023-37903: A flaw was found in the vm2 custom inspect function, which allows attackers to escape the sandbox. This flaw allows attackers to run arbitrary code.
Red Hat Security Data

Issued:

2023-08-29

Updated:

2023-08-29

RHSA-2023:4862 - Security Advisory

Synopsis

Critical: Multicluster Engine for Kubernetes 2.3.1 security updates and bug fixes

Type/Severity

Security Advisory: Critical

Topic

Multicluster Engine for Kubernetes 2.3.1 General Availability release images, which contain security updates and fix bugs.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.

Description

Multicluster Engine for Kubernetes 2.3.1 images

Multicluster engine for Kubernetes provides the foundational components
that are necessary for the centralized management of multiple
Kubernetes-based clusters across data centers, public clouds, and private
clouds.

You can use the engine to create new Red Hat OpenShift Container Platform
clusters or to bring existing Kubernetes-based clusters under management by
importing them. After the clusters are managed, you can use the APIs that
are provided by the engine to distribute configuration based on placement
policy.

Security fix(es):

  • CVE-2023-3089 openshift: OCP & FIPS mode
  • CVE-2023-37903 - vm2: custom inspect function allows attackers to escape the sandbox and run arbitrary code
  • CVE-2023-37466 - vm2: Promise handler sanitization can be bypassed allowing attackers to escape the sandbox and run arbitrary code

Affected Products

  • multicluster engine for Kubernetes Text-only Advisories x86_64

Fixes

  • BZ - 2212085 - CVE-2023-3089 openshift: OCP & FIPS mode
  • BZ - 2224969 - CVE-2023-37903 vm2: custom inspect function allows attackers to escape the sandbox and run arbitrary code
  • BZ - 2232376 - CVE-2023-37466 vm2: Promise handler sanitization can be bypassed allowing attackers to escape the sandbox and run arbitrary code

References

  • https://access.redhat.com/security/updates/classification/#critical
  • https://access.redhat.com/security/vulnerabilities/RHSB-2023-001

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

vm2 3.9.19 Sandbox Escape

vm2 versions 3.9.19 and below suffer from a sandbox escape vulnerability.

Red Hat Security Advisory 2023-4980-01

Red Hat Security Advisory 2023-4980-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-4972-01

Red Hat Security Advisory 2023-4972-01 - Multicluster Engine for Kubernetes 2.1.8 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a bypass vulnerability.

RHSA-2023:4972: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.8 security updates and bug fixes

Multicluster Engine for Kubernetes 2.1.8 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. * CVE-2023-37466: A flaw was found in the vm2 Promise handler sanitization, which allows attackers to esc...

Red Hat Security Advisory 2023-4875-01

Red Hat Security Advisory 2023-4875-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.1 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security updates and fix several bugs. Issues addressed include bypass and privilege escalation vulnerabilities.

Red Hat Security Advisory 2023-4862-01

Red Hat Security Advisory 2023-4862-01 - Multicluster Engine for Kubernetes 2.3.1 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a bypass vulnerability.

RHSA-2023:4875: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.1 security and bug fix updates

Red Hat Advanced Cluster Management for Kubernetes 2.8.1 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3027: The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster) of taking advantage of cluster scoped access in a created polic...

Red Hat Security Advisory 2023-4654-01

Red Hat Security Advisory 2023-4654-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

Red Hat Security Advisory 2023-4650-01

Red Hat Security Advisory 2023-4650-01 - Multicluster Engine for Kubernetes 2.2.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

RHSA-2023:4650: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.2.7 security updates and bug fixes

Multicluster Engine for Kubernetes 2.2.7 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. * CVE-2023-37903: A flaw was found in the vm2 custom inspect function, which allows attackers to escape t...

RHSA-2023:4471: Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.29.1

Red Hat OpenShift Serverless 1.29.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

RHSA-2023:4437: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.1 security and bug fix update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.13.1 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

CVE-2023-37903: Sandbox Escape

vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, the Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker has an arbitrary code execution primitive inside the context of the vm2 sandbox. There are no patches and no known workarounds. Users are advised to find alternative software.

CVE-2023-37466: Sandbox Escape

vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@species` accessor property, allowing attackers to escape the sandbox and run arbitrary code. The impact is Remote Code Execution, assuming the attacker has an arbitrary code execution primitive inside the context of the vm2 sandbox.

GHSA-cchq-frgv-rjh5: vm2 Sandbox Escape vulnerability

In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed, allowing attackers to escape the sandbox and run arbitrary code.

### Impact

Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox.

### Patches

None.

### Workarounds

None.

### References

PoC is to be disclosed on or after the 8th of August.

### For more information

If you have any questions or comments about this advisory:

- Open an issue in [VM2](https://github.com/patriksimek/vm2)

Red Hat Security Advisory 2023-3924-01

Red Hat Security Advisory 2023-3924-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.23.

RHSA-2023:3924: Red Hat Security Advisory: OpenShift Container Platform 4.12.23 security update

Red Hat OpenShift Container Platform release 4.12.23 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-...

Red Hat Security Advisory 2023-3915-01

Red Hat Security Advisory 2023-3915-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.44.

Red Hat Security Advisory 2023-3914-01

Red Hat Security Advisory 2023-3914-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.44.

Red Hat Security Advisory 2023-3911-01

Red Hat Security Advisory 2023-3911-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.63.

Red Hat Security Advisory 2023-3910-01

Red Hat Security Advisory 2023-3910-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.63.

RHSA-2023:3910: Red Hat Security Advisory: Red Hat OpenShift Enterprise security update

Red Hat OpenShift Container Platform release 4.10.63 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server...

RHSA-2023:3915: Red Hat Security Advisory: OpenShift Container Platform 4.11.44 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.44 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS...