Read the full article for key points from Intruder’s VP of Product, Andy Hornegold’s recent talk on exposure management. If you’d like to hear Andy’s insights first-hand, watch Intruder’s on-demand webinar. To learn more about reducing your attack surface, reach out to their team today. 
Attack surface management vs exposure management
Attack surface management (ASM) is the ongoing

_Read the full article for key points from Intruder's VP of Product, Andy Hornegold's recent talk on exposure management. If you'd like to hear Andy's insights first-hand, watch Intruder's on-demand webinar. To learn more about reducing your attack surface, reach out to their team today._

****Attack surface management vs exposure management****

Attack surface management (ASM) is the ongoing process of discovering and identifying assets that can be seen by an attacker on the internet, showing where security gaps exist, where they can be used to perform an attack, and where defenses are strong enough to repel an attack. If there's something on the internet that can be exploited by an attacker, it typically falls under the realm of attack surface management.

Exposure management takes this a step further to include data assets, user identities, and cloud account configuration. It can be summarized as the set of processes that allow organizations to continually and consistently evaluate the visibility, accessibility, and vulnerability of their digital assets.

****The continuous journey of managing threats****

Continuous management is key for a number of reasons. Your business, your attack surface and the threat landscape are not static, they are constantly changing and evolving. New vulnerabilities are disclosed hourly, new exploits for old vulnerabilities are publicly released, and threat actors are updating their techniques continuously. Additionally, new systems and services are often exposed to the internet, and if you are running CI/CD processes, your applications are frequently updated, which could create exploitable security gaps.

****Moving beyond CVEs****

More and more, vulnerability management is being seen through a narrow lens of vulnerabilities that have CVEs. Intruder's team disagreed with this approach, and believes that if there is a weakness in your attack surface, it is a vulnerability regardless of whether it has a CVE associated or not.

So, unlike the narrow approach to vulnerability management, exposure management takes in the entire vista - including misconfigurations and potential weaknesses that don't have an associated CVE. Take SQL injection, for example. It doesn't have a CVE but it's still a vulnerability in your application that could lead to serious consequences if exploited. Additionally, having Windows Remote Desktop exposed to the internet doesn't have an associated CVE, but it introduces risk that an attacker can attempt to exploit. Ultimately, exposure management provides a common name for how we perceive and manage these threats.

****Prioritizing vulnerabilities: the need for context****

Currently, most vulnerability scanners provide a list of vulnerabilities, each as a standalone data point. For example, they might report: 'System X has vulnerability Y; you should go fix it.' However, when dealing with large numbers of vulnerabilities, this information alone isn't enough.

Effective prioritization requires more context to ensure that your team's limited resource is focused on issues that will truly make a difference. For instance, it's crucial to understand which assets support your critical business functions, which vulnerabilities can be chained together to impact critical business functions, and where an attacker could potentially enter your network if these assets were exploited.

This approach transforms the management of vulnerabilities from siloed and isolated tasks into a cohesive strategy, providing the context needed to determine not only _if_ a vulnerability should be fixed, but also _when_.

Much like meditation helps filter out the daily bombardment of thoughts and distractions, Intruder's approach to exposure management aims to sift through the noise to focus on the issues that matter most.

****Why exposure management matters****

Exposure management matters because not everything that can be fixed, should be fixed immediately. Without a strategic approach, you risk wasting valuable time resolving low-impact issues, like an untrusted TLS certificate on an internal network, rather than addressing vulnerabilities that could lead to the compromise of a mission-critical system.

It is possible for you and your team to make a disproportionate and even more meaningful impact on your organization's risk profile by having more time to focus on strategically important activities that secure your organization more effectively. This can be achieved by avoiding a knee-jerk reaction to each vulnerability (akin to playing whack-a-mole), which is what exposure management aims to achieve.

It is possible to reduce the volume of tasks that your team is carrying out by scoping out your environment, understanding which assets support business-critical processes, establishing dedicated teams responsible for the remediation of those assets, and setting thresholds or triggers that specify when issues need to be addressed.

****The need for exposure management****

Recent examples of attackers gaining total control through seemingly innocuous entry points are aplenty.

A developer at Microsoft discovered a deliberately placed backdoor in xz-utils, an essential data compression utility for Linux and Unix-like operating systems. This vulnerability, found in versions 5.6.0 and 5.6.1, allowed an unknown threat actor to execute commands on systems that were running these versions of xz-utils and had SSH exposed to the internet. The discovery's timing was incredibly lucky, it was discovered before the compromised versions of xz-utils could make it into many mainstream Linux distributions like Debian and Red Hat.

Although there were no reported cases of exploitation, the potential risks were substantial. A threat actor would have gained access to those systems, giving them a jumping-off point to compromise other systems on any connected network to extract any and all sensitive data.

Security teams will have spent time and effort chasing down whether they were exposed. With exposure management, it would have been easy to identify any affected versions within your environments and quickly establish that the exposure was minimal since the compromised versions of xz-utils aren't that widespread.

Interestingly, the effort to embed the backdoor took four years, revealing a calculated and long-term scheme to compromise open-source software. This isn't necessarily new, but it shines a spotlight on the fact that advanced persistent threats aren't just focused on large enterprises; if threat actors can compromise an open source package like xz-utils and have it reach mainstream distributions, then everyone is at risk.

Then there's Palo Alto Networks. It issued an urgent call for companies to patch a critical zero-day vulnerability, known as CVE-2024-3400, in its widely used PAN-OS software that powers GlobalProtect firewall products. This flaw, found in the newer versions of the software, allows attackers to take complete control of an affected firewall remotely without requiring authentication, thus representing a significant threat to thousands of businesses relying on these firewalls for security. Given its potential for straightforward remote exploitation, Palo Alto has given this vulnerability the highest severity rating. Using attack surface management tools available to you, identifying vulnerable assets should be nearly instantaneous, and with an exposure management process in place the threshold for remediation should have allowed those responsible for remediation or mitigation to kick into action quickly.

These examples demonstrate how threats can be effectively shut down if organizations shift from a reactive, rush-to-fix approach to proactive exposure management, where they continuously manage their attack surface.

****‍Starting your journey towards effective exposure management****

Getting started with exposure management starts with practical, manageable steps:

1.  **Use what you already have:** First, remember you can leverage the services you're already using. For example, if you're using a tool like Intruder, you already have a vulnerability management and attack surface management provider that can kick-start your approach to exposure management. Alternatively, a consultancy service can conduct attack path mapping exercises and threat profile workshops.
2.  **Define your scope:** When defining the scope of what your exposure management process will cover, focus first on assets that are exposed to the internet, as these are often most vulnerable to attack. Intruder can help by providing you with a view of your internet-facing systems, which you can use as a starting point for your exposure management process. You can also use Intruder's target tagging to segment systems into your defined scopes. In the scoping process, you're also looking to identify individuals who are responsible for remediating the risk when a vulnerability is detected; you can add those users to Intruder and empower them to fix and validate that any issues have been resolved. If the data is available, also remember to keep track of the SaaS applications you use, as they can contain sensitive data and credentials.
3.  **Discover and prioritize your assets:** Use a tool to identify known and unknown assets and identify which are business-critical and support the scope you've defined previously. Intruder automatically discovers new cloud assets by integrating with your cloud accounts and runs automated checks for subdomains. You can also add context to your assets by using tags to specify how systems contribute to your business processes, and what risk they pose to those processes if they were compromised.
4.  **Carry out weakness discovery and prioritization:** The focus next shifts to assessing which of these assets are most at risk of being compromised and which would be the most attractive targets for cyber attackers. With Intruder you can find vulnerabilities in your infrastructure, applications, and APIs, and receive a prioritized list of issues so you know what to act on first. Intruder also provides a continuous approach to vulnerability discovery and prioritization by monitoring your network, showing you what's exposed and kicking off scans when anything changes.
5.  **Act:** Then it's time to act, be that through remediation, mitigation, or risk acceptance. Intruder makes it easy to manage and verify your remediation efforts. Run remediation scans, export issues to your ticketing systems, set up alerts in Slack and Teams, and more.

****Bringing it all back home****

Ultimately, we all have a limited amount of time.

By minimizing distractions and enabling your team to focus on what truly matters, exposure management allows you to achieve the greatest impact with the least time invested.

If your team is focusing on the 25% of vulnerabilities that actually matter, they have 75% extra time to focus on the activities that are critical to keeping your business secure.

Intruder aims to equip organizations to focus on the significant, the impactful, and ultimately, secure their digital landscape in today's fast-paced world.

And if that means more peaceful weekends and confidently stepping away from our desks knowing our assets are protected, then I believe we are on the right path. Perhaps, it's not so much about managing vulnerabilities or exposures but about managing our focus in the endless stream of cybersecurity threats.

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Focus on What Matters Most: Exposure Management and Your Attack Surface

Red Hat Security Advisory 2024-5749-03 - The components for Red Hat OpenShift for Windows Containers 10.16.1 are now available.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5749.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat OpenShift for Windows Containers 10.16.1 product releaseAdvisory ID:        RHSA-2024:5749-03Product:            Red Hat OpenShift EnterpriseAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5749Issue date:         2024-08-22Revision:           03CVE Names:          ====================================================================Summary: The components for Red Hat OpenShift for Windows Containers 10.16.1 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.Red Hat Product Security has rated this update as having a security impact ofModerate. A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Description:Red Hat OpenShift for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.Solution:CVEs:References:https://access.redhat.com/security/updates/classification/#moderatehttps://issues.redhat.com/browse/OCPBUGS-37609

Red Hat Security Advisory 2024-5749-03

Red Hat Security Advisory 2024-5745-03 - The components for Red Hat OpenShift for Windows Containers 10.15.3 are now available.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5745.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: Red Hat OpenShift for Windows Containers 10.15.3 product release  
Advisory ID:        RHSA-2024:5745-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5745  
Issue date:         2024-08-22  
Revision:           03  
CVE Names:            
====================================================================

Summary: 

The components for Red Hat OpenShift for Windows Containers 10.15.3 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.

Red Hat Product Security has rated this update as having a security impact of  
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives  
a detailed severity rating, is available for each vulnerability from the CVE  
link(s) in the References section.

Description:

Red Hat OpenShift for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.

Solution:

CVEs:

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://issues.redhat.com/browse/OCPBUGS-33875  
https://issues.redhat.com/browse/OCPBUGS-37533  
https://issues.redhat.com/browse/OCPBUGS-38485  
https://issues.redhat.com/browse/WINC-1289

Red Hat Security Advisory 2024-5745-03

Red Hat Security Advisory 2024-5444-03 - Red Hat OpenShift Container Platform release 4.13.48 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution and memory exhaustion vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5444.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.13.48 bug fix and security update  
Advisory ID:        RHSA-2024:5444-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5444  
Issue date:         2024-08-22  
Revision:           03  
CVE Names:          CVE-2023-45290  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.13.48 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.13.

Red Hat Product Security has rated this update as having a security impact of  Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.48. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2024:5446

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

Security Fix(es):

* kernel: net:  kernel: UAF in network route management (CVE-2024-36971)  
* golang: net/http: memory exhaustion in Request.ParseMultipartForm  
(CVE-2023-45290)  
* go-retryablehttp: url might write sensitive information to log file  
(CVE-2024-6104)  
* openssh: Possible remote code execution due to a race condition in signal  
handling affecting Red Hat Enterprise Linux 9 (CVE-2024-6409)  
* golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped  
IPv6 addresses (CVE-2024-24790)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  
All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

Solution:

CVEs:

CVE-2023-45290

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2268017  
https://bugzilla.redhat.com/show_bug.cgi?id=2292331  
https://bugzilla.redhat.com/show_bug.cgi?id=2292787  
https://bugzilla.redhat.com/show_bug.cgi?id=2294000  
https://bugzilla.redhat.com/show_bug.cgi?id=2295085  
https://issues.redhat.com/browse/OCPBUGS-29124  
https://issues.redhat.com/browse/OCPBUGS-35259  
https://issues.redhat.com/browse/OCPBUGS-37119  
https://issues.redhat.com/browse/OCPBUGS-37168  
https://issues.redhat.com/browse/OCPBUGS-37421  
https://issues.redhat.com/browse/OCPBUGS-37783  
https://issues.redhat.com/browse/OCPBUGS-38295  
https://issues.redhat.com/browse/OCPBUGS-38372  
https://issues.redhat.com/browse/OCPBUGS-38403

Red Hat Security Advisory 2024-5444-03

Red Hat Security Advisory 2024-5442-03 - Red Hat OpenShift Container Platform release 4.15.28 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory exhaustion vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5442.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.15.28 packages and security update  
Advisory ID:        RHSA-2024:5442-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5442  
Issue date:         2024-08-22  
Revision:           03  
CVE Names:          CVE-2023-45290  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.15.28 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.15.

Red Hat Product Security has rated this update as having a security impact of  Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.15.28. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:5439

Security Fix(es):

* golang: net/http: memory exhaustion in Request.ParseMultipartForm  
(CVE-2023-45290)  
* golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped  
IPv6 addresses (CVE-2024-24790)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.15/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.15/release_notes/ocp-4-15-release-notes.html

CVEs:

CVE-2023-45290

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2268017  
https://bugzilla.redhat.com/show_bug.cgi?id=2292787

Red Hat Security Advisory 2024-5442-03

Red Hat Security Advisory 2024-5439-03 - Red Hat OpenShift Container Platform release 4.15.28 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory exhaustion vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5439.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.15.28 bug fix and security update  
Advisory ID:        RHSA-2024:5439-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5439  
Issue date:         2024-08-22  
Revision:           03  
CVE Names:          CVE-2023-45290  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.15.28 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.15.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.15.28. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2024:5442

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.15/release_notes/ocp-4-15-release-notes.html

Security Fix(es):

* kernel: net:  kernel: UAF in network route management (CVE-2024-36971)  
* golang: net/http: memory exhaustion in Request.ParseMultipartForm  
(CVE-2023-45290)  
* golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped  
IPv6 addresses (CVE-2024-24790)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.15/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

CVEs:

CVE-2023-45290

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2268017  
https://bugzilla.redhat.com/show_bug.cgi?id=2292331  
https://bugzilla.redhat.com/show_bug.cgi?id=2292787  
https://issues.redhat.com/browse/OCPBUGS-24144  
https://issues.redhat.com/browse/OCPBUGS-34726  
https://issues.redhat.com/browse/OCPBUGS-34727  
https://issues.redhat.com/browse/OCPBUGS-36264  
https://issues.redhat.com/browse/OCPBUGS-37099  
https://issues.redhat.com/browse/OCPBUGS-37461  
https://issues.redhat.com/browse/OCPBUGS-37608  
https://issues.redhat.com/browse/OCPBUGS-37622  
https://issues.redhat.com/browse/OCPBUGS-37768  
https://issues.redhat.com/browse/OCPBUGS-38323

Red Hat Security Advisory 2024-5439-03

Red Hat Security Advisory 2024-5436-03 - Red Hat OpenShift Container Platform release 4.14.35 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory exhaustion vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5436.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.14.35 security update  
Advisory ID:        RHSA-2024:5436-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5436  
Issue date:         2024-08-22  
Revision:           03  
CVE Names:          CVE-2023-45290  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.14.35 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.14.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.14.35. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:5433

Security Fix(es):

* golang: net/http: memory exhaustion in Request.ParseMultipartForm  
(CVE-2023-45290)  
* golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped  
IPv6 addresses (CVE-2024-24790)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.14 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.14/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

CVEs:

CVE-2023-45290

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2268017  
https://bugzilla.redhat.com/show_bug.cgi?id=2292787

Red Hat Security Advisory 2024-5436-03

Red Hat Security Advisory 2024-5433-03 - Red Hat OpenShift Container Platform release 4.14.35 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and memory exhaustion vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5433.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.14.35 security update  
Advisory ID:        RHSA-2024:5433-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5433  
Issue date:         2024-08-22  
Revision:           03  
CVE Names:          CVE-2023-45142  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.14.35 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.14.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.14.35. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2024:5436

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

Security Fix(es):

* kernel: net: UAF in network route management (CVE-2024-36971)  
* opentelemetry: DoS vulnerability in otelhttp (CVE-2023-45142)  
* golang: net/http: memory exhaustion in Request.ParseMultipartForm  
(CVE-2023-45290)  
* opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound  
cardinality metrics (CVE-2023-47108)  
* ssh: Prefix truncation attack on Binary Packet Protocol (BPP)  
(CVE-2023-48795)  
* go-retryablehttp: url might write sensitive information to log file  
(CVE-2024-6104)  
* golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped  
IPv6 addresses (CVE-2024-24790)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  
All OpenShift Container Platform 4.14 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.14/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

CVEs:

CVE-2023-45142

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2245180  
https://bugzilla.redhat.com/show_bug.cgi?id=2251198  
https://bugzilla.redhat.com/show_bug.cgi?id=2254210  
https://bugzilla.redhat.com/show_bug.cgi?id=2268017  
https://bugzilla.redhat.com/show_bug.cgi?id=2279476  
https://bugzilla.redhat.com/show_bug.cgi?id=2292331  
https://bugzilla.redhat.com/show_bug.cgi?id=2292787  
https://bugzilla.redhat.com/show_bug.cgi?id=2294000  
https://issues.redhat.com/browse/OCPBUGS-30794  
https://issues.redhat.com/browse/OCPBUGS-33590  
https://issues.redhat.com/browse/OCPBUGS-36949  
https://issues.redhat.com/browse/OCPBUGS-37062  
https://issues.redhat.com/browse/OCPBUGS-37175  
https://issues.redhat.com/browse/OCPBUGS-37420  
https://issues.redhat.com/browse/OCPBUGS-37483  
https://issues.redhat.com/browse/OCPBUGS-37623  
https://issues.redhat.com/browse/OCPBUGS-37738  
https://issues.redhat.com/browse/OCPBUGS-37769  
https://issues.redhat.com/browse/OCPBUGS-37815  
https://issues.redhat.com/browse/OCPBUGS-37974  
https://issues.redhat.com/browse/OCPBUGS-38073

Red Hat Security Advisory 2024-5433-03

Red Hat Security Advisory 2024-5696-03 - An update for tomcat is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5696.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: tomcat security updateAdvisory ID:        RHSA-2024:5696-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5696Issue date:         2024-08-21Revision:           03CVE Names:          CVE-2024-34750====================================================================Summary: An update for tomcat is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.Security Fix(es):* tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-34750References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2295651

Red Hat Security Advisory 2024-5696-03

Red Hat Security Advisory 2024-5695-03 - An update for tomcat is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5695.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: tomcat security updateAdvisory ID:        RHSA-2024:5695-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5695Issue date:         2024-08-21Revision:           03CVE Names:          CVE-2024-34750====================================================================Summary: An update for tomcat is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.Security Fix(es):* tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-34750References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2295651

Tag

#red_hat