Risk | High |
Patch available | YES |
Number of vulnerabilities | 10 |
CVE-ID | CVE-2021-3114 CVE-2021-3121 CVE-2021-3636 CVE-2021-21419 CVE-2021-21623 CVE-2021-21639 CVE-2021-21640 CVE-2021-21648 CVE-2021-25735 CVE-2021-25737 |
CWE-ID | CWE-682 CWE-129 CWE-287 CWE-400 CWE-264 CWE-20 CWE-79 CWE-200 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #9 is available. |
Vulnerable software |
Red Hat OpenShift Container Platform (Client/Desktop applications / Software for system administration)
Red Hat packages (Operating systems & Components / Operating system package or component): openshift-ansible, toolbox, rust-afterburn, runc, rteval-loads, redhat-release-coreos, python-tooz, python-sushy-oem-idrac, python-sushy, python-stevedore, python-pyrsistent, python-oslo-utils, python-oslo-upgradecheck, python-oslo-service, python-oslo-serialization, python-oslo-policy, python-oslo-log, python-oslo-i18n, python-oslo-db, python-oslo-context, python-oslo-config, python-oslo-concurrency, python-openstacksdk, python-openshift, python-kubernetes, python-keystoneauth1, python-jsonschema, python-ironic-prometheus-exporter, python-ironic-lib, python-hardware, python-eventlet, python-debtcollector, podman, ovn2.13, ostree, openvswitch2.15, openstack-ironic-python-agent, openstack-ironic-inspector, openstack-ironic, openshift-kuryr, openshift-clients, openshift, kata-containers, jenkins, jenkins-2-plugins, ironic-images, ignition, haproxy, cri-tools, cri-o, coreos-installer, console-login-helper-messages, butane, atomic-openshift-service-idler |
Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
EUVDB-ID: #VU50047
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-3114
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to an incorrect calculation in "crypto/elliptic/p224.go": the lowest limb can underflow during the final complete reduction in the P-224 field, so the P-224 arithmetic can produce incorrect outputs. A remote attacker can trigger this condition to obtain incorrect results from the affected computation.
Mitigation
Install updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.8.2
openshift-ansible (Red Hat package): before 4.8.0-202106281541.p0.git.626f7a3.assembly.stream.el7
toolbox (Red Hat package): before 0.0.8-3.rhaos4.8.el8
rust-afterburn (Red Hat package): before 5.0.0-1.rhaos4.8.el8
runc (Red Hat package): before 1.0.0-98.rhaos4.8.gitcd80260.el7
rteval-loads (Red Hat package): before 1.4-12.el8
redhat-release-coreos (Red Hat package): before 48.84-4.el8
python-tooz (Red Hat package): before 2.8.0-0.20210324235001.54448e9.el8
python-sushy-oem-idrac (Red Hat package): before 2.0.1-0.20210326152858.83b7eb0.el8
python-sushy (Red Hat package): before 3.7.1-0.20210428165244.bc49878.el8
python-stevedore (Red Hat package): before 3.3.0-0.20210325001012.7d7154f.el8
python-pyrsistent (Red Hat package): before 0.16.0-3.el8ost
python-oslo-utils (Red Hat package): before 4.8.0-0.20210325043201.3288539.el8
python-oslo-upgradecheck (Red Hat package): before 1.3.0-0.20210325003851.9f95a6e.el8
python-oslo-service (Red Hat package): before 2.5.0-0.20210325014731.d25e454.el8
python-oslo-serialization (Red Hat package): before 4.1.0-0.20210325012242.8445e61.el8
python-oslo-policy (Red Hat package): before 3.7.0-0.20210325051823.d853485.el8
python-oslo-log (Red Hat package): before 4.4.0-0.20210409081224.9b29c90.el8
python-oslo-i18n (Red Hat package): before 5.0.1-0.20210324221600.73187bd.el8
python-oslo-db (Red Hat package): before 8.5.0-0.20210325041241.503db60.el8
python-oslo-context (Red Hat package): before 3.2.0-0.20210325043103.0d02866.el8
python-oslo-config (Red Hat package): before 8.5.0-0.20210325050501.cfa2564.el8
python-oslo-concurrency (Red Hat package): before 4.4.0-0.20210325004915.7dcf9e9.el8
python-openstacksdk (Red Hat package): before 0.53.0-0.20210325011601.4629245.el8
python-openshift (Red Hat package): before 0.12.1-1.el8
python-kubernetes (Red Hat package): before 12.0.1-1.el8
python-keystoneauth1 (Red Hat package): before 4.3.0-0.20210325001456.6a66271.el8
python-jsonschema (Red Hat package): before 3.2.0-5.el8ost
python-ironic-prometheus-exporter (Red Hat package): before 2.2.1-0.20210325143713.70e39c8.el8
python-ironic-lib (Red Hat package): before 4.6.2-0.20210608101214.ca2e4ba.el8
python-hardware (Red Hat package): before 0.27.0-0.20210406121246.756fedb.el8
python-eventlet (Red Hat package): before 0.25.2-4.el8
python-debtcollector (Red Hat package): before 2.2.0-0.20210324220630.649189d.el8
podman (Red Hat package): before 3.0.1-6.el8
ovn2.13 (Red Hat package): before 20.12.0-25.el8fdp
ostree (Red Hat package): before 2020.7-5.el8_4
openvswitch2.15 (Red Hat package): before 2.15.0-9.el8fdp
openstack-ironic-python-agent (Red Hat package): before 7.0.2-0.20210611153100.bfa97cb.el8
openstack-ironic-inspector (Red Hat package): before 10.6.1-0.20210406091336.579f59c.el8
openstack-ironic (Red Hat package): before 17.0.4-0.20210713221218.a415e7e.el8
openshift-kuryr (Red Hat package): before 4.8.0-202106281541.p0.git.8a4c2d8.assembly.stream.el8
openshift-clients (Red Hat package): before 4.8.0-202106281541.p0.git.1077b05.assembly.stream.el7
openshift (Red Hat package): before 4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el7
kata-containers (Red Hat package): before 2.1.0-4.el8
jenkins (Red Hat package): before 2.289.1.1624020353-1.el8
jenkins-2-plugins (Red Hat package): before 4.8.1624022417-1.el8
ironic-images (Red Hat package): before 2021.1-20210614.1.el8
ignition (Red Hat package): before 2.9.0-6.rhaos4.8.el8
haproxy (Red Hat package): before 2.2.13-1.el7
cri-tools (Red Hat package): before 1.21.0-2.el7
cri-o (Red Hat package): before 1.21.2-5.rhaos4.8.gitb27d974.el7
coreos-installer (Red Hat package): before 0.9.0-6.rhaos4.8.el8
console-login-helper-messages (Red Hat package): before 0.20.3-1.rhaos4.8.el8
butane (Red Hat package): before 0.12.1-1.rhaos4.8.el8
atomic-openshift-service-idler (Red Hat package): before 4.8.0-202106281541.p0.git.39cfc66.assembly.stream.el8
Vendor advisory: https://access.redhat.com/errata/RHSA-2021:2437
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52902
Risk: High
CVSSv4.0: 6.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-3121
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper validation of an array index in plugin/unmarshal/unmarshal.go. A remote attacker can pass specially crafted data to the application and bypass implemented security restrictions, possibly leading to remote code execution.
Mitigation
Install updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.8.2
Red Hat packages: same affected versions as listed under #VU50047 above.
Vendor advisory: https://access.redhat.com/errata/RHSA-2021:2437
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU56243
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3636
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists because the generated certificate for the in-cluster Service CA incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service.
Mitigation
Install updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.8.2
Red Hat packages: same affected versions as listed under #VU50047 above.
Vendor advisory: https://access.redhat.com/errata/RHSA-2021:2437
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU56244
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21419
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources when handling large websocket frames. A remote attacker can trigger resource exhaustion by sending a highly compressed data frame and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.8.2
Red Hat packages: same affected versions as listed under #VU50047 above.
Vendor advisory: https://access.redhat.com/errata/RHSA-2021:2437
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU51595
Risk: Medium
CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21623
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists because the affected plugin does not correctly perform permission checks to determine whether an item should be accessible. A remote authenticated attacker can gain access to sensitive information.
Mitigation
Install updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.8.2
Red Hat packages: same affected versions as listed under #VU50047 above.
Vendor advisory: https://access.redhat.com/errata/RHSA-2021:2437
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU51993
Risk: Low
CVSSv4.0: 0.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-21639
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because the affected software does not validate the type of object created after loading the data submitted to the "config.xml" REST API endpoint of a node. A remote authenticated attacker can replace a node with one of a different type.
Mitigation
Install updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.8.2
Red Hat packages: same affected versions as listed under #VU50047 above.
ovn2.13 (Red Hat package): before 20.12.0-25.el8fdp
ostree (Red Hat package): before 2020.7-5.el8_4
openvswitch2.15 (Red Hat package): before 2.15.0-9.el8fdp
openstack-ironic-python-agent (Red Hat package): before 7.0.2-0.20210611153100.bfa97cb.el8
openstack-ironic-inspector (Red Hat package): before 10.6.1-0.20210406091336.579f59c.el8
openstack-ironic (Red Hat package): before 17.0.4-0.20210713221218.a415e7e.el8
openshift-kuryr (Red Hat package): before 4.8.0-202106281541.p0.git.8a4c2d8.assembly.stream.el8
openshift-clients (Red Hat package): before 4.8.0-202106281541.p0.git.1077b05.assembly.stream.el7
openshift (Red Hat package): before 4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el7
kata-containers (Red Hat package): before 2.1.0-4.el8
jenkins (Red Hat package): before 2.289.1.1624020353-1.el8
jenkins-2-plugins (Red Hat package): before 4.8.1624022417-1.el8
ironic-images (Red Hat package): before 2021.1-20210614.1.el8
ignition (Red Hat package): before 2.9.0-6.rhaos4.8.el8
haproxy (Red Hat package): before 2.2.13-1.el7
cri-tools (Red Hat package): before 1.21.0-2.el7
cri-o (Red Hat package): before 1.21.2-5.rhaos4.8.gitb27d974.el7
coreos-installer (Red Hat package): before 0.9.0-6.rhaos4.8.el8
console-login-helper-messages (Red Hat package): before 0.20.3-1.rhaos4.8.el8
butane (Red Hat package): before 0.12.1-1.rhaos4.8.el8
atomic-openshift-service-idler (Red Hat package): before 4.8.0-202106281541.p0.git.39cfc66.assembly.stream.el8
CPE2.3
https://access.redhat.com/errata/RHSA-2021:2437
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU51994
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-21640
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists because the affected software does not properly check that a newly created view has an allowed name. A remote authenticated attacker can create views with invalid or already-used names.
Mitigation
Install updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.8.2
openshift-ansible (Red Hat package): before 4.8.0-202106281541.p0.git.626f7a3.assembly.stream.el7
toolbox (Red Hat package): before 0.0.8-3.rhaos4.8.el8
rust-afterburn (Red Hat package): before 5.0.0-1.rhaos4.8.el8
runc (Red Hat package): before 1.0.0-98.rhaos4.8.gitcd80260.el7
rteval-loads (Red Hat package): before 1.4-12.el8
redhat-release-coreos (Red Hat package): before 48.84-4.el8
python-tooz (Red Hat package): before 2.8.0-0.20210324235001.54448e9.el8
python-sushy-oem-idrac (Red Hat package): before 2.0.1-0.20210326152858.83b7eb0.el8
python-sushy (Red Hat package): before 3.7.1-0.20210428165244.bc49878.el8
python-stevedore (Red Hat package): before 3.3.0-0.20210325001012.7d7154f.el8
python-pyrsistent (Red Hat package): before 0.16.0-3.el8ost
python-oslo-utils (Red Hat package): before 4.8.0-0.20210325043201.3288539.el8
python-oslo-upgradecheck (Red Hat package): before 1.3.0-0.20210325003851.9f95a6e.el8
python-oslo-service (Red Hat package): before 2.5.0-0.20210325014731.d25e454.el8
python-oslo-serialization (Red Hat package): before 4.1.0-0.20210325012242.8445e61.el8
python-oslo-policy (Red Hat package): before 3.7.0-0.20210325051823.d853485.el8
python-oslo-log (Red Hat package): before 4.4.0-0.20210409081224.9b29c90.el8
python-oslo-i18n (Red Hat package): before 5.0.1-0.20210324221600.73187bd.el8
python-oslo-db (Red Hat package): before 8.5.0-0.20210325041241.503db60.el8
python-oslo-context (Red Hat package): before 3.2.0-0.20210325043103.0d02866.el8
python-oslo-config (Red Hat package): before 8.5.0-0.20210325050501.cfa2564.el8
python-oslo-concurrency (Red Hat package): before 4.4.0-0.20210325004915.7dcf9e9.el8
python-openstacksdk (Red Hat package): before 0.53.0-0.20210325011601.4629245.el8
python-openshift (Red Hat package): before 0.12.1-1.el8
python-kubernetes (Red Hat package): before 12.0.1-1.el8
python-keystoneauth1 (Red Hat package): before 4.3.0-0.20210325001456.6a66271.el8
python-jsonschema (Red Hat package): before 3.2.0-5.el8ost
python-ironic-prometheus-exporter (Red Hat package): before 2.2.1-0.20210325143713.70e39c8.el8
python-ironic-lib (Red Hat package): before 4.6.2-0.20210608101214.ca2e4ba.el8
python-hardware (Red Hat package): before 0.27.0-0.20210406121246.756fedb.el8
python-eventlet (Red Hat package): before 0.25.2-4.el8
python-debtcollector (Red Hat package): before 2.2.0-0.20210324220630.649189d.el8
podman (Red Hat package): before 3.0.1-6.el8
ovn2.13 (Red Hat package): before 20.12.0-25.el8fdp
ostree (Red Hat package): before 2020.7-5.el8_4
openvswitch2.15 (Red Hat package): before 2.15.0-9.el8fdp
openstack-ironic-python-agent (Red Hat package): before 7.0.2-0.20210611153100.bfa97cb.el8
openstack-ironic-inspector (Red Hat package): before 10.6.1-0.20210406091336.579f59c.el8
openstack-ironic (Red Hat package): before 17.0.4-0.20210713221218.a415e7e.el8
openshift-kuryr (Red Hat package): before 4.8.0-202106281541.p0.git.8a4c2d8.assembly.stream.el8
openshift-clients (Red Hat package): before 4.8.0-202106281541.p0.git.1077b05.assembly.stream.el7
openshift (Red Hat package): before 4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el7
kata-containers (Red Hat package): before 2.1.0-4.el8
jenkins (Red Hat package): before 2.289.1.1624020353-1.el8
jenkins-2-plugins (Red Hat package): before 4.8.1624022417-1.el8
ironic-images (Red Hat package): before 2021.1-20210614.1.el8
ignition (Red Hat package): before 2.9.0-6.rhaos4.8.el8
haproxy (Red Hat package): before 2.2.13-1.el7
cri-tools (Red Hat package): before 1.21.0-2.el7
cri-o (Red Hat package): before 1.21.2-5.rhaos4.8.gitb27d974.el7
coreos-installer (Red Hat package): before 0.9.0-6.rhaos4.8.el8
console-login-helper-messages (Red Hat package): before 0.20.3-1.rhaos4.8.el8
butane (Red Hat package): before 0.12.1-1.rhaos4.8.el8
atomic-openshift-service-idler (Red Hat package): before 4.8.0-202106281541.p0.git.39cfc66.assembly.stream.el8
CPE2.3
https://access.redhat.com/errata/RHSA-2021:2437
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU53152
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-21648
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
Description
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
Mitigation
Install updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.8.2
openshift-ansible (Red Hat package): before 4.8.0-202106281541.p0.git.626f7a3.assembly.stream.el7
toolbox (Red Hat package): before 0.0.8-3.rhaos4.8.el8
rust-afterburn (Red Hat package): before 5.0.0-1.rhaos4.8.el8
runc (Red Hat package): before 1.0.0-98.rhaos4.8.gitcd80260.el7
rteval-loads (Red Hat package): before 1.4-12.el8
redhat-release-coreos (Red Hat package): before 48.84-4.el8
python-tooz (Red Hat package): before 2.8.0-0.20210324235001.54448e9.el8
python-sushy-oem-idrac (Red Hat package): before 2.0.1-0.20210326152858.83b7eb0.el8
python-sushy (Red Hat package): before 3.7.1-0.20210428165244.bc49878.el8
python-stevedore (Red Hat package): before 3.3.0-0.20210325001012.7d7154f.el8
python-pyrsistent (Red Hat package): before 0.16.0-3.el8ost
python-oslo-utils (Red Hat package): before 4.8.0-0.20210325043201.3288539.el8
python-oslo-upgradecheck (Red Hat package): before 1.3.0-0.20210325003851.9f95a6e.el8
python-oslo-service (Red Hat package): before 2.5.0-0.20210325014731.d25e454.el8
python-oslo-serialization (Red Hat package): before 4.1.0-0.20210325012242.8445e61.el8
python-oslo-policy (Red Hat package): before 3.7.0-0.20210325051823.d853485.el8
python-oslo-log (Red Hat package): before 4.4.0-0.20210409081224.9b29c90.el8
python-oslo-i18n (Red Hat package): before 5.0.1-0.20210324221600.73187bd.el8
python-oslo-db (Red Hat package): before 8.5.0-0.20210325041241.503db60.el8
python-oslo-context (Red Hat package): before 3.2.0-0.20210325043103.0d02866.el8
python-oslo-config (Red Hat package): before 8.5.0-0.20210325050501.cfa2564.el8
python-oslo-concurrency (Red Hat package): before 4.4.0-0.20210325004915.7dcf9e9.el8
python-openstacksdk (Red Hat package): before 0.53.0-0.20210325011601.4629245.el8
python-openshift (Red Hat package): before 0.12.1-1.el8
python-kubernetes (Red Hat package): before 12.0.1-1.el8
python-keystoneauth1 (Red Hat package): before 4.3.0-0.20210325001456.6a66271.el8
python-jsonschema (Red Hat package): before 3.2.0-5.el8ost
python-ironic-prometheus-exporter (Red Hat package): before 2.2.1-0.20210325143713.70e39c8.el8
python-ironic-lib (Red Hat package): before 4.6.2-0.20210608101214.ca2e4ba.el8
python-hardware (Red Hat package): before 0.27.0-0.20210406121246.756fedb.el8
python-eventlet (Red Hat package): before 0.25.2-4.el8
python-debtcollector (Red Hat package): before 2.2.0-0.20210324220630.649189d.el8
podman (Red Hat package): before 3.0.1-6.el8
ovn2.13 (Red Hat package): before 20.12.0-25.el8fdp
ostree (Red Hat package): before 2020.7-5.el8_4
openvswitch2.15 (Red Hat package): before 2.15.0-9.el8fdp
openstack-ironic-python-agent (Red Hat package): before 7.0.2-0.20210611153100.bfa97cb.el8
openstack-ironic-inspector (Red Hat package): before 10.6.1-0.20210406091336.579f59c.el8
openstack-ironic (Red Hat package): before 17.0.4-0.20210713221218.a415e7e.el8
openshift-kuryr (Red Hat package): before 4.8.0-202106281541.p0.git.8a4c2d8.assembly.stream.el8
openshift-clients (Red Hat package): before 4.8.0-202106281541.p0.git.1077b05.assembly.stream.el7
openshift (Red Hat package): before 4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el7
kata-containers (Red Hat package): before 2.1.0-4.el8
jenkins (Red Hat package): before 2.289.1.1624020353-1.el8
jenkins-2-plugins (Red Hat package): before 4.8.1624022417-1.el8
ironic-images (Red Hat package): before 2021.1-20210614.1.el8
ignition (Red Hat package): before 2.9.0-6.rhaos4.8.el8
haproxy (Red Hat package): before 2.2.13-1.el7
cri-tools (Red Hat package): before 1.21.0-2.el7
cri-o (Red Hat package): before 1.21.2-5.rhaos4.8.gitb27d974.el7
coreos-installer (Red Hat package): before 0.9.0-6.rhaos4.8.el8
console-login-helper-messages (Red Hat package): before 0.20.3-1.rhaos4.8.el8
butane (Red Hat package): before 0.12.1-1.rhaos4.8.el8
atomic-openshift-service-idler (Red Hat package): before 4.8.0-202106281541.p0.git.39cfc66.assembly.stream.el8
CPE2.3
https://access.redhat.com/errata/RHSA-2021:2437
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU56245
Risk: Medium
CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2021-25735
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in kube-apiserver, which could allow Node updates to bypass a Validating Admission Webhook. An authenticated user could exploit this by modifying Node properties to values that should have been rejected by registered admission webhooks.
Mitigation
Install updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.8.2
openshift-ansible (Red Hat package): before 4.8.0-202106281541.p0.git.626f7a3.assembly.stream.el7
toolbox (Red Hat package): before 0.0.8-3.rhaos4.8.el8
rust-afterburn (Red Hat package): before 5.0.0-1.rhaos4.8.el8
runc (Red Hat package): before 1.0.0-98.rhaos4.8.gitcd80260.el7
rteval-loads (Red Hat package): before 1.4-12.el8
redhat-release-coreos (Red Hat package): before 48.84-4.el8
python-tooz (Red Hat package): before 2.8.0-0.20210324235001.54448e9.el8
python-sushy-oem-idrac (Red Hat package): before 2.0.1-0.20210326152858.83b7eb0.el8
python-sushy (Red Hat package): before 3.7.1-0.20210428165244.bc49878.el8
python-stevedore (Red Hat package): before 3.3.0-0.20210325001012.7d7154f.el8
python-pyrsistent (Red Hat package): before 0.16.0-3.el8ost
python-oslo-utils (Red Hat package): before 4.8.0-0.20210325043201.3288539.el8
python-oslo-upgradecheck (Red Hat package): before 1.3.0-0.20210325003851.9f95a6e.el8
python-oslo-service (Red Hat package): before 2.5.0-0.20210325014731.d25e454.el8
python-oslo-serialization (Red Hat package): before 4.1.0-0.20210325012242.8445e61.el8
python-oslo-policy (Red Hat package): before 3.7.0-0.20210325051823.d853485.el8
python-oslo-log (Red Hat package): before 4.4.0-0.20210409081224.9b29c90.el8
python-oslo-i18n (Red Hat package): before 5.0.1-0.20210324221600.73187bd.el8
python-oslo-db (Red Hat package): before 8.5.0-0.20210325041241.503db60.el8
python-oslo-context (Red Hat package): before 3.2.0-0.20210325043103.0d02866.el8
python-oslo-config (Red Hat package): before 8.5.0-0.20210325050501.cfa2564.el8
python-oslo-concurrency (Red Hat package): before 4.4.0-0.20210325004915.7dcf9e9.el8
python-openstacksdk (Red Hat package): before 0.53.0-0.20210325011601.4629245.el8
python-openshift (Red Hat package): before 0.12.1-1.el8
python-kubernetes (Red Hat package): before 12.0.1-1.el8
python-keystoneauth1 (Red Hat package): before 4.3.0-0.20210325001456.6a66271.el8
python-jsonschema (Red Hat package): before 3.2.0-5.el8ost
python-ironic-prometheus-exporter (Red Hat package): before 2.2.1-0.20210325143713.70e39c8.el8
python-ironic-lib (Red Hat package): before 4.6.2-0.20210608101214.ca2e4ba.el8
python-hardware (Red Hat package): before 0.27.0-0.20210406121246.756fedb.el8
python-eventlet (Red Hat package): before 0.25.2-4.el8
python-debtcollector (Red Hat package): before 2.2.0-0.20210324220630.649189d.el8
podman (Red Hat package): before 3.0.1-6.el8
ovn2.13 (Red Hat package): before 20.12.0-25.el8fdp
ostree (Red Hat package): before 2020.7-5.el8_4
openvswitch2.15 (Red Hat package): before 2.15.0-9.el8fdp
openstack-ironic-python-agent (Red Hat package): before 7.0.2-0.20210611153100.bfa97cb.el8
openstack-ironic-inspector (Red Hat package): before 10.6.1-0.20210406091336.579f59c.el8
openstack-ironic (Red Hat package): before 17.0.4-0.20210713221218.a415e7e.el8
openshift-kuryr (Red Hat package): before 4.8.0-202106281541.p0.git.8a4c2d8.assembly.stream.el8
openshift-clients (Red Hat package): before 4.8.0-202106281541.p0.git.1077b05.assembly.stream.el7
openshift (Red Hat package): before 4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el7
kata-containers (Red Hat package): before 2.1.0-4.el8
jenkins (Red Hat package): before 2.289.1.1624020353-1.el8
jenkins-2-plugins (Red Hat package): before 4.8.1624022417-1.el8
ironic-images (Red Hat package): before 2021.1-20210614.1.el8
ignition (Red Hat package): before 2.9.0-6.rhaos4.8.el8
haproxy (Red Hat package): before 2.2.13-1.el7
cri-tools (Red Hat package): before 1.21.0-2.el7
cri-o (Red Hat package): before 1.21.2-5.rhaos4.8.gitb27d974.el7
coreos-installer (Red Hat package): before 0.9.0-6.rhaos4.8.el8
console-login-helper-messages (Red Hat package): before 0.20.3-1.rhaos4.8.el8
butane (Red Hat package): before 0.12.1-1.rhaos4.8.el8
atomic-openshift-service-idler (Red Hat package): before 4.8.0-202106281541.p0.git.39cfc66.assembly.stream.el8
CPE2.3
https://access.redhat.com/errata/RHSA-2021:2437
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
EUVDB-ID: #VU53436
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-25737
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to a host network hijacking flaw caused by gaps in EndpointSlice validation. A remote administrator can redirect pod traffic to private networks on a Node and gain unauthorized access to sensitive information on the system.
Mitigation
Install updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.8.2
openshift-ansible (Red Hat package): before 4.8.0-202106281541.p0.git.626f7a3.assembly.stream.el7
toolbox (Red Hat package): before 0.0.8-3.rhaos4.8.el8
rust-afterburn (Red Hat package): before 5.0.0-1.rhaos4.8.el8
runc (Red Hat package): before 1.0.0-98.rhaos4.8.gitcd80260.el7
rteval-loads (Red Hat package): before 1.4-12.el8
redhat-release-coreos (Red Hat package): before 48.84-4.el8
python-tooz (Red Hat package): before 2.8.0-0.20210324235001.54448e9.el8
python-sushy-oem-idrac (Red Hat package): before 2.0.1-0.20210326152858.83b7eb0.el8
python-sushy (Red Hat package): before 3.7.1-0.20210428165244.bc49878.el8
python-stevedore (Red Hat package): before 3.3.0-0.20210325001012.7d7154f.el8
python-pyrsistent (Red Hat package): before 0.16.0-3.el8ost
python-oslo-utils (Red Hat package): before 4.8.0-0.20210325043201.3288539.el8
python-oslo-upgradecheck (Red Hat package): before 1.3.0-0.20210325003851.9f95a6e.el8
python-oslo-service (Red Hat package): before 2.5.0-0.20210325014731.d25e454.el8
python-oslo-serialization (Red Hat package): before 4.1.0-0.20210325012242.8445e61.el8
python-oslo-policy (Red Hat package): before 3.7.0-0.20210325051823.d853485.el8
python-oslo-log (Red Hat package): before 4.4.0-0.20210409081224.9b29c90.el8
python-oslo-i18n (Red Hat package): before 5.0.1-0.20210324221600.73187bd.el8
python-oslo-db (Red Hat package): before 8.5.0-0.20210325041241.503db60.el8
python-oslo-context (Red Hat package): before 3.2.0-0.20210325043103.0d02866.el8
python-oslo-config (Red Hat package): before 8.5.0-0.20210325050501.cfa2564.el8
python-oslo-concurrency (Red Hat package): before 4.4.0-0.20210325004915.7dcf9e9.el8
python-openstacksdk (Red Hat package): before 0.53.0-0.20210325011601.4629245.el8
python-openshift (Red Hat package): before 0.12.1-1.el8
python-kubernetes (Red Hat package): before 12.0.1-1.el8
python-keystoneauth1 (Red Hat package): before 4.3.0-0.20210325001456.6a66271.el8
python-jsonschema (Red Hat package): before 3.2.0-5.el8ost
python-ironic-prometheus-exporter (Red Hat package): before 2.2.1-0.20210325143713.70e39c8.el8
python-ironic-lib (Red Hat package): before 4.6.2-0.20210608101214.ca2e4ba.el8
python-hardware (Red Hat package): before 0.27.0-0.20210406121246.756fedb.el8
python-eventlet (Red Hat package): before 0.25.2-4.el8
python-debtcollector (Red Hat package): before 2.2.0-0.20210324220630.649189d.el8
podman (Red Hat package): before 3.0.1-6.el8
ovn2.13 (Red Hat package): before 20.12.0-25.el8fdp
ostree (Red Hat package): before 2020.7-5.el8_4
openvswitch2.15 (Red Hat package): before 2.15.0-9.el8fdp
openstack-ironic-python-agent (Red Hat package): before 7.0.2-0.20210611153100.bfa97cb.el8
openstack-ironic-inspector (Red Hat package): before 10.6.1-0.20210406091336.579f59c.el8
openstack-ironic (Red Hat package): before 17.0.4-0.20210713221218.a415e7e.el8
openshift-kuryr (Red Hat package): before 4.8.0-202106281541.p0.git.8a4c2d8.assembly.stream.el8
openshift-clients (Red Hat package): before 4.8.0-202106281541.p0.git.1077b05.assembly.stream.el7
openshift (Red Hat package): before 4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el7
kata-containers (Red Hat package): before 2.1.0-4.el8
jenkins (Red Hat package): before 2.289.1.1624020353-1.el8
jenkins-2-plugins (Red Hat package): before 4.8.1624022417-1.el8
ironic-images (Red Hat package): before 2021.1-20210614.1.el8
ignition (Red Hat package): before 2.9.0-6.rhaos4.8.el8
haproxy (Red Hat package): before 2.2.13-1.el7
cri-tools (Red Hat package): before 1.21.0-2.el7
cri-o (Red Hat package): before 1.21.2-5.rhaos4.8.gitb27d974.el7
coreos-installer (Red Hat package): before 0.9.0-6.rhaos4.8.el8
console-login-helper-messages (Red Hat package): before 0.20.3-1.rhaos4.8.el8
butane (Red Hat package): before 0.12.1-1.rhaos4.8.el8
atomic-openshift-service-idler (Red Hat package): before 4.8.0-202106281541.p0.git.39cfc66.assembly.stream.el8
CPE2.3
https://access.redhat.com/errata/RHSA-2021:2437
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.