Multiple vulnerabilities in OpenShift Container Platform
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 13 |
| CVE-ID | CVE-2020-1945 CVE-2020-11979 CVE-2021-21602 CVE-2021-21603 CVE-2021-21604 CVE-2021-21605 CVE-2021-21606 CVE-2021-21607 CVE-2021-21608 CVE-2021-21609 CVE-2021-21610 CVE-2021-21611 CVE-2021-21615 |
| CWE-ID | CWE-276 CWE-264 CWE-200 CWE-79 CWE-91 CWE-22 CWE-119 CWE-367 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Red Hat OpenShift Container Platform Client/Desktop applications / Software for system administration openshift-kuryr (Red Hat package) Operating systems & Components / Operating system package or component openshift-clients (Red Hat package) Operating systems & Components / Operating system package or component openshift (Red Hat package) Operating systems & Components / Operating system package or component openshift-ansible (Red Hat package) Operating systems & Components / Operating system package or component jenkins-2-plugins (Red Hat package) Operating systems & Components / Operating system package or component atomic-openshift-service-idler (Red Hat package) Operating systems & Components / Operating system package or component cri-o (Red Hat package) Operating systems & Components / Operating system package or component runc (Red Hat package) Operating systems & Components / Operating system package or component python-rsa (Red Hat package) Operating systems & Components / Operating system package or component jenkins (Red Hat package) Operating systems & Components / Operating system package or component |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 13 vulnerabilities.
1) Incorrect default permissions
EUVDB-ID: #VU27924
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-1945
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to Apache Ant is using a default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. A local user with access to the system can view contents of files and directories or modify them.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: 4.6.0 - 4.6.16
openshift-kuryr (Red Hat package): 4.6.0-202012042155.p0.git.2216.8a6f6a5.el8 - 4.6.0-202101151835.p0.git.2220.40847e5.el8
openshift-clients (Red Hat package): 4.6.0-202011260456.p0.git.3798.fcf58ff.el7 - 4.6.0-202101160934.p0.git.3808.a1bca2f.el8
openshift (Red Hat package): 4.6.0-202012051246.p0.git.94231.efc9027.el7 - 4.6.0-202101160934.p0.git.94242.fc5242e.el8
openshift-ansible (Red Hat package): 4.6.0-202011260456.p0.git.0.e7caea2.el7 - 4.6.0-202012172338.p0.git.0.a15d08c.el7
jenkins-2-plugins (Red Hat package): 4.6.1609853716-1.el8
atomic-openshift-service-idler (Red Hat package): 4.6.0-202012171504.p0.git.15.f4535bc.el8
cri-o (Red Hat package): 1.0.4-2.git4aceede.el7 - 1.18.4-4.rhaos4.5.git6dee389.el7
runc (Red Hat package): 1.0.0-1.rc2.el7 - 1.0.0-67.rc10.el7_8
python-rsa (Red Hat package): 3.4.2-9.el8
jenkins (Red Hat package): before 2.263.3.1612434510-1.el8
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_container_platform:4.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012042155.p0.git.2216.8a6f6a5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012171504.p0.git.2216.1fecf92.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202101151835.p0.git.2220.40847e5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202012121455.p0.git.3800.80a13a6.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012190744.p0.git.94235.c62c6f7.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-ansible_redhat_package:4.6.0-202011260456.p0.git.0.e7caea2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins-2-plugins_redhat_package:4.6.1609853716-1.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:atomic-openshift-service-idler_redhat_package:4.6.0-202012171504.p0.git.15.f4535bc.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:cri-o_redhat_package:1.0.4-2.git4aceede.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:runc_redhat_package:1.0.0-1.rc2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:python-rsa_redhat_package:3.4.2-9.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2021:0423
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU47428
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-11979
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect patch for vulnerability #VU27924 (CVE-2020-1945). Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: 4.6.0 - 4.6.16
openshift-kuryr (Red Hat package): 4.6.0-202012042155.p0.git.2216.8a6f6a5.el8 - 4.6.0-202101151835.p0.git.2220.40847e5.el8
openshift-clients (Red Hat package): 4.6.0-202011260456.p0.git.3798.fcf58ff.el7 - 4.6.0-202101160934.p0.git.3808.a1bca2f.el8
openshift (Red Hat package): 4.6.0-202012051246.p0.git.94231.efc9027.el7 - 4.6.0-202101160934.p0.git.94242.fc5242e.el8
openshift-ansible (Red Hat package): 4.6.0-202011260456.p0.git.0.e7caea2.el7 - 4.6.0-202012172338.p0.git.0.a15d08c.el7
jenkins-2-plugins (Red Hat package): 4.6.1609853716-1.el8
atomic-openshift-service-idler (Red Hat package): 4.6.0-202012171504.p0.git.15.f4535bc.el8
cri-o (Red Hat package): 1.0.4-2.git4aceede.el7 - 1.18.4-4.rhaos4.5.git6dee389.el7
runc (Red Hat package): 1.0.0-1.rc2.el7 - 1.0.0-67.rc10.el7_8
python-rsa (Red Hat package): 3.4.2-9.el8
jenkins (Red Hat package): before 2.263.3.1612434510-1.el8
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_container_platform:4.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012042155.p0.git.2216.8a6f6a5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012171504.p0.git.2216.1fecf92.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202101151835.p0.git.2220.40847e5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202012121455.p0.git.3800.80a13a6.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012190744.p0.git.94235.c62c6f7.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-ansible_redhat_package:4.6.0-202011260456.p0.git.0.e7caea2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins-2-plugins_redhat_package:4.6.1609853716-1.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:atomic-openshift-service-idler_redhat_package:4.6.0-202012171504.p0.git.15.f4535bc.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:cri-o_redhat_package:1.0.4-2.git4aceede.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:runc_redhat_package:1.0.0-1.rc2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:python-rsa_redhat_package:3.4.2-9.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2021:0423
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU49527
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21602
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in workspace browsers. A remote authenticated attacker can create symbolic links that allow them to access files outside workspaces using the workspace browser.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: 4.6.0 - 4.6.16
openshift-kuryr (Red Hat package): 4.6.0-202012042155.p0.git.2216.8a6f6a5.el8 - 4.6.0-202101151835.p0.git.2220.40847e5.el8
openshift-clients (Red Hat package): 4.6.0-202011260456.p0.git.3798.fcf58ff.el7 - 4.6.0-202101160934.p0.git.3808.a1bca2f.el8
openshift (Red Hat package): 4.6.0-202012051246.p0.git.94231.efc9027.el7 - 4.6.0-202101160934.p0.git.94242.fc5242e.el8
openshift-ansible (Red Hat package): 4.6.0-202011260456.p0.git.0.e7caea2.el7 - 4.6.0-202012172338.p0.git.0.a15d08c.el7
jenkins-2-plugins (Red Hat package): 4.6.1609853716-1.el8
atomic-openshift-service-idler (Red Hat package): 4.6.0-202012171504.p0.git.15.f4535bc.el8
cri-o (Red Hat package): 1.0.4-2.git4aceede.el7 - 1.18.4-4.rhaos4.5.git6dee389.el7
runc (Red Hat package): 1.0.0-1.rc2.el7 - 1.0.0-67.rc10.el7_8
python-rsa (Red Hat package): 3.4.2-9.el8
jenkins (Red Hat package): before 2.263.3.1612434510-1.el8
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_container_platform:4.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012042155.p0.git.2216.8a6f6a5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012171504.p0.git.2216.1fecf92.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202101151835.p0.git.2220.40847e5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202012121455.p0.git.3800.80a13a6.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012190744.p0.git.94235.c62c6f7.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-ansible_redhat_package:4.6.0-202011260456.p0.git.0.e7caea2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins-2-plugins_redhat_package:4.6.1609853716-1.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:atomic-openshift-service-idler_redhat_package:4.6.0-202012171504.p0.git.15.f4535bc.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:cri-o_redhat_package:1.0.4-2.git4aceede.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:runc_redhat_package:1.0.0-1.rc2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:python-rsa_redhat_package:3.4.2-9.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2021:0423
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Cross-site scripting
EUVDB-ID: #VU49522
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-21603
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in notification bar. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: 4.6.0 - 4.6.16
openshift-kuryr (Red Hat package): 4.6.0-202012042155.p0.git.2216.8a6f6a5.el8 - 4.6.0-202101151835.p0.git.2220.40847e5.el8
openshift-clients (Red Hat package): 4.6.0-202011260456.p0.git.3798.fcf58ff.el7 - 4.6.0-202101160934.p0.git.3808.a1bca2f.el8
openshift (Red Hat package): 4.6.0-202012051246.p0.git.94231.efc9027.el7 - 4.6.0-202101160934.p0.git.94242.fc5242e.el8
openshift-ansible (Red Hat package): 4.6.0-202011260456.p0.git.0.e7caea2.el7 - 4.6.0-202012172338.p0.git.0.a15d08c.el7
jenkins-2-plugins (Red Hat package): 4.6.1609853716-1.el8
atomic-openshift-service-idler (Red Hat package): 4.6.0-202012171504.p0.git.15.f4535bc.el8
cri-o (Red Hat package): 1.0.4-2.git4aceede.el7 - 1.18.4-4.rhaos4.5.git6dee389.el7
runc (Red Hat package): 1.0.0-1.rc2.el7 - 1.0.0-67.rc10.el7_8
python-rsa (Red Hat package): 3.4.2-9.el8
jenkins (Red Hat package): before 2.263.3.1612434510-1.el8
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_container_platform:4.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012042155.p0.git.2216.8a6f6a5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012171504.p0.git.2216.1fecf92.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202101151835.p0.git.2220.40847e5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202012121455.p0.git.3800.80a13a6.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012190744.p0.git.94235.c62c6f7.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-ansible_redhat_package:4.6.0-202011260456.p0.git.0.e7caea2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins-2-plugins_redhat_package:4.6.1609853716-1.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:atomic-openshift-service-idler_redhat_package:4.6.0-202012171504.p0.git.15.f4535bc.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:cri-o_redhat_package:1.0.4-2.git4aceede.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:runc_redhat_package:1.0.0-1.rc2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:python-rsa_redhat_package:3.4.2-9.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2021:0423
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) XML injection
EUVDB-ID: #VU49526
Risk: Medium
CVSSv4.0: 5.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21604
CWE-ID:
CWE-91 - XML Injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper handling of REST API XML deserialization errors. A remote authenticated attacker can pass specially crafted XML data to the application and perform arbitrary actions on the system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: 4.6.0 - 4.6.16
openshift-kuryr (Red Hat package): 4.6.0-202012042155.p0.git.2216.8a6f6a5.el8 - 4.6.0-202101151835.p0.git.2220.40847e5.el8
openshift-clients (Red Hat package): 4.6.0-202011260456.p0.git.3798.fcf58ff.el7 - 4.6.0-202101160934.p0.git.3808.a1bca2f.el8
openshift (Red Hat package): 4.6.0-202012051246.p0.git.94231.efc9027.el7 - 4.6.0-202101160934.p0.git.94242.fc5242e.el8
openshift-ansible (Red Hat package): 4.6.0-202011260456.p0.git.0.e7caea2.el7 - 4.6.0-202012172338.p0.git.0.a15d08c.el7
jenkins-2-plugins (Red Hat package): 4.6.1609853716-1.el8
atomic-openshift-service-idler (Red Hat package): 4.6.0-202012171504.p0.git.15.f4535bc.el8
cri-o (Red Hat package): 1.0.4-2.git4aceede.el7 - 1.18.4-4.rhaos4.5.git6dee389.el7
runc (Red Hat package): 1.0.0-1.rc2.el7 - 1.0.0-67.rc10.el7_8
python-rsa (Red Hat package): 3.4.2-9.el8
jenkins (Red Hat package): before 2.263.3.1612434510-1.el8
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_container_platform:4.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012042155.p0.git.2216.8a6f6a5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012171504.p0.git.2216.1fecf92.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202101151835.p0.git.2220.40847e5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202012121455.p0.git.3800.80a13a6.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012190744.p0.git.94235.c62c6f7.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-ansible_redhat_package:4.6.0-202011260456.p0.git.0.e7caea2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins-2-plugins_redhat_package:4.6.1609853716-1.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:atomic-openshift-service-idler_redhat_package:4.6.0-202012171504.p0.git.15.f4535bc.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:cri-o_redhat_package:1.0.4-2.git4aceede.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:runc_redhat_package:1.0.0-1.rc2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:python-rsa_redhat_package:3.4.2-9.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2021:0423
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Path traversal
EUVDB-ID: #VU49528
Risk: Medium
CVSSv4.0: 1.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21605
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in agent names. A remote authenticated attacker can choose agent names that cause Jenkins to override unrelated "config.xml" files.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: 4.6.0 - 4.6.16
openshift-kuryr (Red Hat package): 4.6.0-202012042155.p0.git.2216.8a6f6a5.el8 - 4.6.0-202101151835.p0.git.2220.40847e5.el8
openshift-clients (Red Hat package): 4.6.0-202011260456.p0.git.3798.fcf58ff.el7 - 4.6.0-202101160934.p0.git.3808.a1bca2f.el8
openshift (Red Hat package): 4.6.0-202012051246.p0.git.94231.efc9027.el7 - 4.6.0-202101160934.p0.git.94242.fc5242e.el8
openshift-ansible (Red Hat package): 4.6.0-202011260456.p0.git.0.e7caea2.el7 - 4.6.0-202012172338.p0.git.0.a15d08c.el7
jenkins-2-plugins (Red Hat package): 4.6.1609853716-1.el8
atomic-openshift-service-idler (Red Hat package): 4.6.0-202012171504.p0.git.15.f4535bc.el8
cri-o (Red Hat package): 1.0.4-2.git4aceede.el7 - 1.18.4-4.rhaos4.5.git6dee389.el7
runc (Red Hat package): 1.0.0-1.rc2.el7 - 1.0.0-67.rc10.el7_8
python-rsa (Red Hat package): 3.4.2-9.el8
jenkins (Red Hat package): before 2.263.3.1612434510-1.el8
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_container_platform:4.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012042155.p0.git.2216.8a6f6a5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012171504.p0.git.2216.1fecf92.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202101151835.p0.git.2220.40847e5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202012121455.p0.git.3800.80a13a6.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012190744.p0.git.94235.c62c6f7.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-ansible_redhat_package:4.6.0-202011260456.p0.git.0.e7caea2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins-2-plugins_redhat_package:4.6.1609853716-1.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:atomic-openshift-service-idler_redhat_package:4.6.0-202012171504.p0.git.15.f4535bc.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:cri-o_redhat_package:1.0.4-2.git4aceede.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:runc_redhat_package:1.0.0-1.rc2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:python-rsa_redhat_package:3.4.2-9.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2021:0423
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU49529
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-21606
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to arbitrary file existence check in file fingerprints. A remote authenticated attacker can check for the existence of XML files on the controller file system where the relative path can be constructed as 32 characters.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: 4.6.0 - 4.6.16
openshift-kuryr (Red Hat package): 4.6.0-202012042155.p0.git.2216.8a6f6a5.el8 - 4.6.0-202101151835.p0.git.2220.40847e5.el8
openshift-clients (Red Hat package): 4.6.0-202011260456.p0.git.3798.fcf58ff.el7 - 4.6.0-202101160934.p0.git.3808.a1bca2f.el8
openshift (Red Hat package): 4.6.0-202012051246.p0.git.94231.efc9027.el7 - 4.6.0-202101160934.p0.git.94242.fc5242e.el8
openshift-ansible (Red Hat package): 4.6.0-202011260456.p0.git.0.e7caea2.el7 - 4.6.0-202012172338.p0.git.0.a15d08c.el7
jenkins-2-plugins (Red Hat package): 4.6.1609853716-1.el8
atomic-openshift-service-idler (Red Hat package): 4.6.0-202012171504.p0.git.15.f4535bc.el8
cri-o (Red Hat package): 1.0.4-2.git4aceede.el7 - 1.18.4-4.rhaos4.5.git6dee389.el7
runc (Red Hat package): 1.0.0-1.rc2.el7 - 1.0.0-67.rc10.el7_8
python-rsa (Red Hat package): 3.4.2-9.el8
jenkins (Red Hat package): before 2.263.3.1612434510-1.el8
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_container_platform:4.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012042155.p0.git.2216.8a6f6a5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012171504.p0.git.2216.1fecf92.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202101151835.p0.git.2220.40847e5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202012121455.p0.git.3800.80a13a6.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012190744.p0.git.94235.c62c6f7.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-ansible_redhat_package:4.6.0-202011260456.p0.git.0.e7caea2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins-2-plugins_redhat_package:4.6.1609853716-1.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:atomic-openshift-service-idler_redhat_package:4.6.0-202012171504.p0.git.15.f4535bc.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:cri-o_redhat_package:1.0.4-2.git4aceede.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:runc_redhat_package:1.0.0-1.rc2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:python-rsa_redhat_package:3.4.2-9.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2021:0423
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Buffer overflow
EUVDB-ID: #VU49530
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21607
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the affected software does not limit the graph size provided as query parameters. A remote authenticated attacker can trigger memory corruption and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: 4.6.0 - 4.6.16
openshift-kuryr (Red Hat package): 4.6.0-202012042155.p0.git.2216.8a6f6a5.el8 - 4.6.0-202101151835.p0.git.2220.40847e5.el8
openshift-clients (Red Hat package): 4.6.0-202011260456.p0.git.3798.fcf58ff.el7 - 4.6.0-202101160934.p0.git.3808.a1bca2f.el8
openshift (Red Hat package): 4.6.0-202012051246.p0.git.94231.efc9027.el7 - 4.6.0-202101160934.p0.git.94242.fc5242e.el8
openshift-ansible (Red Hat package): 4.6.0-202011260456.p0.git.0.e7caea2.el7 - 4.6.0-202012172338.p0.git.0.a15d08c.el7
jenkins-2-plugins (Red Hat package): 4.6.1609853716-1.el8
atomic-openshift-service-idler (Red Hat package): 4.6.0-202012171504.p0.git.15.f4535bc.el8
cri-o (Red Hat package): 1.0.4-2.git4aceede.el7 - 1.18.4-4.rhaos4.5.git6dee389.el7
runc (Red Hat package): 1.0.0-1.rc2.el7 - 1.0.0-67.rc10.el7_8
python-rsa (Red Hat package): 3.4.2-9.el8
jenkins (Red Hat package): before 2.263.3.1612434510-1.el8
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_container_platform:4.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012042155.p0.git.2216.8a6f6a5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012171504.p0.git.2216.1fecf92.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202101151835.p0.git.2220.40847e5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202012121455.p0.git.3800.80a13a6.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012190744.p0.git.94235.c62c6f7.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-ansible_redhat_package:4.6.0-202011260456.p0.git.0.e7caea2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins-2-plugins_redhat_package:4.6.1609853716-1.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:atomic-openshift-service-idler_redhat_package:4.6.0-202012171504.p0.git.15.f4535bc.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:cri-o_redhat_package:1.0.4-2.git4aceede.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:runc_redhat_package:1.0.0-1.rc2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:python-rsa_redhat_package:3.4.2-9.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2021:0423
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Stored cross-site scripting
EUVDB-ID: #VU49523
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-21608
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in button labels. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: 4.6.0 - 4.6.16
openshift-kuryr (Red Hat package): 4.6.0-202012042155.p0.git.2216.8a6f6a5.el8 - 4.6.0-202101151835.p0.git.2220.40847e5.el8
openshift-clients (Red Hat package): 4.6.0-202011260456.p0.git.3798.fcf58ff.el7 - 4.6.0-202101160934.p0.git.3808.a1bca2f.el8
openshift (Red Hat package): 4.6.0-202012051246.p0.git.94231.efc9027.el7 - 4.6.0-202101160934.p0.git.94242.fc5242e.el8
openshift-ansible (Red Hat package): 4.6.0-202011260456.p0.git.0.e7caea2.el7 - 4.6.0-202012172338.p0.git.0.a15d08c.el7
jenkins-2-plugins (Red Hat package): 4.6.1609853716-1.el8
atomic-openshift-service-idler (Red Hat package): 4.6.0-202012171504.p0.git.15.f4535bc.el8
cri-o (Red Hat package): 1.0.4-2.git4aceede.el7 - 1.18.4-4.rhaos4.5.git6dee389.el7
runc (Red Hat package): 1.0.0-1.rc2.el7 - 1.0.0-67.rc10.el7_8
python-rsa (Red Hat package): 3.4.2-9.el8
jenkins (Red Hat package): before 2.263.3.1612434510-1.el8
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_container_platform:4.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012042155.p0.git.2216.8a6f6a5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012171504.p0.git.2216.1fecf92.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202101151835.p0.git.2220.40847e5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202012121455.p0.git.3800.80a13a6.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012190744.p0.git.94235.c62c6f7.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-ansible_redhat_package:4.6.0-202011260456.p0.git.0.e7caea2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins-2-plugins_redhat_package:4.6.1609853716-1.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:atomic-openshift-service-idler_redhat_package:4.6.0-202012171504.p0.git.15.f4535bc.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:cri-o_redhat_package:1.0.4-2.git4aceede.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:runc_redhat_package:1.0.0-1.rc2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:python-rsa_redhat_package:3.4.2-9.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2021:0423
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU49531
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-21609
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists due to a missing permission check for paths with specific prefix. A remote attacker can access plugin-provided URLs.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: 4.6.0 - 4.6.16
openshift-kuryr (Red Hat package): 4.6.0-202012042155.p0.git.2216.8a6f6a5.el8 - 4.6.0-202101151835.p0.git.2220.40847e5.el8
openshift-clients (Red Hat package): 4.6.0-202011260456.p0.git.3798.fcf58ff.el7 - 4.6.0-202101160934.p0.git.3808.a1bca2f.el8
openshift (Red Hat package): 4.6.0-202012051246.p0.git.94231.efc9027.el7 - 4.6.0-202101160934.p0.git.94242.fc5242e.el8
openshift-ansible (Red Hat package): 4.6.0-202011260456.p0.git.0.e7caea2.el7 - 4.6.0-202012172338.p0.git.0.a15d08c.el7
jenkins-2-plugins (Red Hat package): 4.6.1609853716-1.el8
atomic-openshift-service-idler (Red Hat package): 4.6.0-202012171504.p0.git.15.f4535bc.el8
cri-o (Red Hat package): 1.0.4-2.git4aceede.el7 - 1.18.4-4.rhaos4.5.git6dee389.el7
runc (Red Hat package): 1.0.0-1.rc2.el7 - 1.0.0-67.rc10.el7_8
python-rsa (Red Hat package): 3.4.2-9.el8
jenkins (Red Hat package): before 2.263.3.1612434510-1.el8
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_container_platform:4.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012042155.p0.git.2216.8a6f6a5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012171504.p0.git.2216.1fecf92.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202101151835.p0.git.2220.40847e5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202012121455.p0.git.3800.80a13a6.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012190744.p0.git.94235.c62c6f7.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-ansible_redhat_package:4.6.0-202011260456.p0.git.0.e7caea2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins-2-plugins_redhat_package:4.6.1609853716-1.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:atomic-openshift-service-idler_redhat_package:4.6.0-202012171504.p0.git.15.f4535bc.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:cri-o_redhat_package:1.0.4-2.git4aceede.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:runc_redhat_package:1.0.0-1.rc2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:python-rsa_redhat_package:3.4.2-9.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2021:0423
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Cross-site scripting
EUVDB-ID: #VU49524
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-21610
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in markup formatter preview. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: 4.6.0 - 4.6.16
openshift-kuryr (Red Hat package): 4.6.0-202012042155.p0.git.2216.8a6f6a5.el8 - 4.6.0-202101151835.p0.git.2220.40847e5.el8
openshift-clients (Red Hat package): 4.6.0-202011260456.p0.git.3798.fcf58ff.el7 - 4.6.0-202101160934.p0.git.3808.a1bca2f.el8
openshift (Red Hat package): 4.6.0-202012051246.p0.git.94231.efc9027.el7 - 4.6.0-202101160934.p0.git.94242.fc5242e.el8
openshift-ansible (Red Hat package): 4.6.0-202011260456.p0.git.0.e7caea2.el7 - 4.6.0-202012172338.p0.git.0.a15d08c.el7
jenkins-2-plugins (Red Hat package): 4.6.1609853716-1.el8
atomic-openshift-service-idler (Red Hat package): 4.6.0-202012171504.p0.git.15.f4535bc.el8
cri-o (Red Hat package): 1.0.4-2.git4aceede.el7 - 1.18.4-4.rhaos4.5.git6dee389.el7
runc (Red Hat package): 1.0.0-1.rc2.el7 - 1.0.0-67.rc10.el7_8
python-rsa (Red Hat package): 3.4.2-9.el8
jenkins (Red Hat package): before 2.263.3.1612434510-1.el8
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_container_platform:4.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012042155.p0.git.2216.8a6f6a5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012171504.p0.git.2216.1fecf92.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202101151835.p0.git.2220.40847e5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202012121455.p0.git.3800.80a13a6.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012190744.p0.git.94235.c62c6f7.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-ansible_redhat_package:4.6.0-202011260456.p0.git.0.e7caea2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins-2-plugins_redhat_package:4.6.1609853716-1.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:atomic-openshift-service-idler_redhat_package:4.6.0-202012171504.p0.git.15.f4535bc.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:cri-o_redhat_package:1.0.4-2.git4aceede.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:runc_redhat_package:1.0.0-1.rc2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:python-rsa_redhat_package:3.4.2-9.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2021:0423
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Stored cross-site scripting
EUVDB-ID: #VU49525
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-21611
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data on new item page. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: 4.6.0 - 4.6.16
openshift-kuryr (Red Hat package): 4.6.0-202012042155.p0.git.2216.8a6f6a5.el8 - 4.6.0-202101151835.p0.git.2220.40847e5.el8
openshift-clients (Red Hat package): 4.6.0-202011260456.p0.git.3798.fcf58ff.el7 - 4.6.0-202101160934.p0.git.3808.a1bca2f.el8
openshift (Red Hat package): 4.6.0-202012051246.p0.git.94231.efc9027.el7 - 4.6.0-202101160934.p0.git.94242.fc5242e.el8
openshift-ansible (Red Hat package): 4.6.0-202011260456.p0.git.0.e7caea2.el7 - 4.6.0-202012172338.p0.git.0.a15d08c.el7
jenkins-2-plugins (Red Hat package): 4.6.1609853716-1.el8
atomic-openshift-service-idler (Red Hat package): 4.6.0-202012171504.p0.git.15.f4535bc.el8
cri-o (Red Hat package): 1.0.4-2.git4aceede.el7 - 1.18.4-4.rhaos4.5.git6dee389.el7
runc (Red Hat package): 1.0.0-1.rc2.el7 - 1.0.0-67.rc10.el7_8
python-rsa (Red Hat package): 3.4.2-9.el8
jenkins (Red Hat package): before 2.263.3.1612434510-1.el8
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_container_platform:4.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012042155.p0.git.2216.8a6f6a5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012171504.p0.git.2216.1fecf92.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202101151835.p0.git.2220.40847e5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202012121455.p0.git.3800.80a13a6.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012190744.p0.git.94235.c62c6f7.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-ansible_redhat_package:4.6.0-202011260456.p0.git.0.e7caea2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins-2-plugins_redhat_package:4.6.1609853716-1.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:atomic-openshift-service-idler_redhat_package:4.6.0-202012171504.p0.git.15.f4535bc.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:cri-o_redhat_package:1.0.4-2.git4aceede.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:runc_redhat_package:1.0.0-1.rc2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:python-rsa_redhat_package:3.4.2-9.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2021:0423
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Time-of-check Time-of-use (TOCTOU) Race Condition
EUVDB-ID: #VU50020
Risk: Medium
CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21615
CWE-ID:
CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to a race condition in the file browser for workspaces. A remote user with Job/Workspace permission and the ability to control workspace contents, e.g., with Job/Configure permission or the ability to change SCM contents, can create symbolic links that allow them to access files outside workspaces using the workspace browser.
Note, the vulnerability is caused by incorrect patch for #VU49527
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: 4.6.0 - 4.6.16
openshift-kuryr (Red Hat package): 4.6.0-202012042155.p0.git.2216.8a6f6a5.el8 - 4.6.0-202101151835.p0.git.2220.40847e5.el8
openshift-clients (Red Hat package): 4.6.0-202011260456.p0.git.3798.fcf58ff.el7 - 4.6.0-202101160934.p0.git.3808.a1bca2f.el8
openshift (Red Hat package): 4.6.0-202012051246.p0.git.94231.efc9027.el7 - 4.6.0-202101160934.p0.git.94242.fc5242e.el8
openshift-ansible (Red Hat package): 4.6.0-202011260456.p0.git.0.e7caea2.el7 - 4.6.0-202012172338.p0.git.0.a15d08c.el7
jenkins-2-plugins (Red Hat package): 4.6.1609853716-1.el8
atomic-openshift-service-idler (Red Hat package): 4.6.0-202012171504.p0.git.15.f4535bc.el8
cri-o (Red Hat package): 1.0.4-2.git4aceede.el7 - 1.18.4-4.rhaos4.5.git6dee389.el7
runc (Red Hat package): 1.0.0-1.rc2.el7 - 1.0.0-67.rc10.el7_8
python-rsa (Red Hat package): 3.4.2-9.el8
jenkins (Red Hat package): before 2.263.3.1612434510-1.el8
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_container_platform:4.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012042155.p0.git.2216.8a6f6a5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202012171504.p0.git.2216.1fecf92.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:4.6.0-202101151835.p0.git.2220.40847e5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202011260456.p0.git.3798.fcf58ff.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:4.6.0-202012121455.p0.git.3800.80a13a6.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012051246.p0.git.94231.efc9027.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:4.6.0-202012190744.p0.git.94235.c62c6f7.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-ansible_redhat_package:4.6.0-202011260456.p0.git.0.e7caea2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins-2-plugins_redhat_package:4.6.1609853716-1.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:atomic-openshift-service-idler_redhat_package:4.6.0-202012171504.p0.git.15.f4535bc.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:cri-o_redhat_package:1.0.4-2.git4aceede.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:runc_redhat_package:1.0.0-1.rc2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:python-rsa_redhat_package:3.4.2-9.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:jenkins_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2021:0423
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
