Risk | High |
Patch available | YES |
Number of vulnerabilities | 14 |
CVE-ID | CVE-2021-21690 CVE-2021-21692 CVE-2021-21694 CVE-2021-21686 CVE-2021-21688 CVE-2021-21689 CVE-2021-21691 CVE-2021-21695 CVE-2021-21697 CVE-2021-21685 CVE-2021-21693 CVE-2021-21696 CVE-2021-21698 CVE-2021-21687 |
CWE-ID | CWE-693 CWE-862 CWE-264 CWE-22 CWE-285 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Red Hat OpenShift Container Platform (Client/Desktop applications / Software for system administration); openshift-kuryr, openshift, cri-o, jenkins, python-sushy, jenkins-2-plugins, container-selinux (Red Hat packages; Operating systems & Components / Operating system package or component) |
Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 14 vulnerabilities.
EUVDB-ID: #VU57983
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21690
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists because agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. An attacker can bypass implemented security restrictions and elevate privileges on the system.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions:
Red Hat OpenShift Container Platform: 4.9.0 - 4.9.8
openshift-kuryr (Red Hat package): 4.9.0-202109101042.p0.git.e66f211.assembly.stream.el8 - 4.9.0-202110281423.p0.git.4595a4e.assembly.stream.el8
openshift (Red Hat package): 4.9.0-202110080828.p0.git.894a78b.assembly.stream.el8 - 4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el8
cri-o (Red Hat package): 1.22.0-73.rhaos4.9.gitbdf286c.el8 - 1.22.0-91.rhaos4.9.gitd745cab.el7
jenkins (Red Hat package): 2.263.3.1612434510-1.el8 - 2.289.3.1633554819-1.el8
python-sushy (Red Hat package): 3.5.0-2.20201005161238.74b8111.el8 - 3.11.0-0.20210802160404.b93dcba.el8
jenkins-2-plugins (Red Hat package): 4.9.1630555871-1.el8
container-selinux (Red Hat package): 2.124.0-1.el8 - 2.144.0-1.rhaos4.4.el8
Vendor advisory: https://access.redhat.com/errata/RHSA-2021:4833
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57985
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21692
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists because the operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path. A remote attacker can compromise the target system.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions:
Red Hat OpenShift Container Platform: 4.9.0 - 4.9.8
openshift-kuryr (Red Hat package): 4.9.0-202109101042.p0.git.e66f211.assembly.stream.el8 - 4.9.0-202110281423.p0.git.4595a4e.assembly.stream.el8
openshift (Red Hat package): 4.9.0-202110080828.p0.git.894a78b.assembly.stream.el8 - 4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el8
cri-o (Red Hat package): 1.22.0-73.rhaos4.9.gitbdf286c.el8 - 1.22.0-91.rhaos4.9.gitd745cab.el7
jenkins (Red Hat package): 2.263.3.1612434510-1.el8 - 2.289.3.1633554819-1.el8
python-sushy (Red Hat package): 3.5.0-2.20201005161238.74b8111.el8 - 3.11.0-0.20210802160404.b93dcba.el8
jenkins-2-plugins (Red Hat package): 4.9.1630555871-1.el8
container-selinux (Red Hat package): 2.124.0-1.el8 - 2.144.0-1.rhaos4.4.el8
Vendor advisory: https://access.redhat.com/errata/RHSA-2021:4833
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57987
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21694
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions within FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant and FilePath#get*DiskSpace, which leads to a security restrictions bypass and privilege escalation.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions:
Red Hat OpenShift Container Platform: 4.9.0 - 4.9.8
openshift-kuryr (Red Hat package): 4.9.0-202109101042.p0.git.e66f211.assembly.stream.el8 - 4.9.0-202110281423.p0.git.4595a4e.assembly.stream.el8
openshift (Red Hat package): 4.9.0-202110080828.p0.git.894a78b.assembly.stream.el8 - 4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el8
cri-o (Red Hat package): 1.22.0-73.rhaos4.9.gitbdf286c.el8 - 1.22.0-91.rhaos4.9.gitd745cab.el7
jenkins (Red Hat package): 2.263.3.1612434510-1.el8 - 2.289.3.1633554819-1.el8
python-sushy (Red Hat package): 3.5.0-2.20201005161238.74b8111.el8 - 3.11.0-0.20210802160404.b93dcba.el8
jenkins-2-plugins (Red Hat package): 4.9.1630555871-1.el8
container-selinux (Red Hat package): 2.124.0-1.el8 - 2.144.0-1.rhaos4.4.el8
Vendor advisory: https://access.redhat.com/errata/RHSA-2021:4833
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57979
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21686
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists because file path filters do not canonicalize paths. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions:
Red Hat OpenShift Container Platform: 4.9.0 - 4.9.8
openshift-kuryr (Red Hat package): 4.9.0-202109101042.p0.git.e66f211.assembly.stream.el8 - 4.9.0-202110281423.p0.git.4595a4e.assembly.stream.el8
openshift (Red Hat package): 4.9.0-202110080828.p0.git.894a78b.assembly.stream.el8 - 4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el8
cri-o (Red Hat package): 1.22.0-73.rhaos4.9.gitbdf286c.el8 - 1.22.0-91.rhaos4.9.gitd745cab.el7
jenkins (Red Hat package): 2.263.3.1612434510-1.el8 - 2.289.3.1633554819-1.el8
python-sushy (Red Hat package): 3.5.0-2.20201005161238.74b8111.el8 - 3.11.0-0.20210802160404.b93dcba.el8
jenkins-2-plugins (Red Hat package): 4.9.1630555871-1.el8
container-selinux (Red Hat package): 2.124.0-1.el8 - 2.144.0-1.rhaos4.4.el8
Vendor advisory: https://access.redhat.com/errata/RHSA-2021:4833
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57981
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21688
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists because FilePath#reading(FileVisitor) does not reject any operations. A remote attacker can gain unrestricted read access using certain operations.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions:
Red Hat OpenShift Container Platform: 4.9.0 - 4.9.8
openshift-kuryr (Red Hat package): 4.9.0-202109101042.p0.git.e66f211.assembly.stream.el8 - 4.9.0-202110281423.p0.git.4595a4e.assembly.stream.el8
openshift (Red Hat package): 4.9.0-202110080828.p0.git.894a78b.assembly.stream.el8 - 4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el8
cri-o (Red Hat package): 1.22.0-73.rhaos4.9.gitbdf286c.el8 - 1.22.0-91.rhaos4.9.gitd745cab.el7
jenkins (Red Hat package): 2.263.3.1612434510-1.el8 - 2.289.3.1633554819-1.el8
python-sushy (Red Hat package): 3.5.0-2.20201005161238.74b8111.el8 - 3.11.0-0.20210802160404.b93dcba.el8
jenkins-2-plugins (Red Hat package): 4.9.1630555871-1.el8
container-selinux (Red Hat package): 2.124.0-1.el8 - 2.144.0-1.rhaos4.4.el8
Vendor advisory: https://access.redhat.com/errata/RHSA-2021:4833
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57982
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21689
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists because FilePath#unzip and FilePath#untar are not subject to any access control. A remote attacker can read and write arbitrary files on the system.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions:
Red Hat OpenShift Container Platform: 4.9.0 - 4.9.8
openshift-kuryr (Red Hat package): 4.9.0-202109101042.p0.git.e66f211.assembly.stream.el8 - 4.9.0-202110281423.p0.git.4595a4e.assembly.stream.el8
openshift (Red Hat package): 4.9.0-202110080828.p0.git.894a78b.assembly.stream.el8 - 4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el8
cri-o (Red Hat package): 1.22.0-73.rhaos4.9.gitbdf286c.el8 - 1.22.0-91.rhaos4.9.gitd745cab.el7
jenkins (Red Hat package): 2.263.3.1612434510-1.el8 - 2.289.3.1633554819-1.el8
python-sushy (Red Hat package): 3.5.0-2.20201005161238.74b8111.el8 - 3.11.0-0.20210802160404.b93dcba.el8
jenkins-2-plugins (Red Hat package): 4.9.1630555871-1.el8
container-selinux (Red Hat package): 2.124.0-1.el8 - 2.144.0-1.rhaos4.4.el8
Vendor advisory: https://access.redhat.com/errata/RHSA-2021:4833
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57984
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21691
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists because symbolic links can be created without the symlink permission. A remote attacker can compromise the target system.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions:
Red Hat OpenShift Container Platform: 4.9.0 - 4.9.8
openshift-kuryr (Red Hat package): 4.9.0-202109101042.p0.git.e66f211.assembly.stream.el8 - 4.9.0-202110281423.p0.git.4595a4e.assembly.stream.el8
openshift (Red Hat package): 4.9.0-202110080828.p0.git.894a78b.assembly.stream.el8 - 4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el8
cri-o (Red Hat package): 1.22.0-73.rhaos4.9.gitbdf286c.el8 - 1.22.0-91.rhaos4.9.gitd745cab.el7
jenkins (Red Hat package): 2.263.3.1612434510-1.el8 - 2.289.3.1633554819-1.el8
python-sushy (Red Hat package): 3.5.0-2.20201005161238.74b8111.el8 - 3.11.0-0.20210802160404.b93dcba.el8
jenkins-2-plugins (Red Hat package): 4.9.1630555871-1.el8
container-selinux (Red Hat package): 2.124.0-1.el8 - 2.144.0-1.rhaos4.4.el8
Vendor advisory: https://access.redhat.com/errata/RHSA-2021:4833
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57988
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21695
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists because FilePath#listFiles lists files outside directories with agent read access when following symbolic links. A remote attacker can compromise the target system.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions:
Red Hat OpenShift Container Platform: 4.9.0 - 4.9.8
openshift-kuryr (Red Hat package): 4.9.0-202109101042.p0.git.e66f211.assembly.stream.el8 - 4.9.0-202110281423.p0.git.4595a4e.assembly.stream.el8
openshift (Red Hat package): 4.9.0-202110080828.p0.git.894a78b.assembly.stream.el8 - 4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el8
cri-o (Red Hat package): 1.22.0-73.rhaos4.9.gitbdf286c.el8 - 1.22.0-91.rhaos4.9.gitd745cab.el7
jenkins (Red Hat package): 2.263.3.1612434510-1.el8 - 2.289.3.1633554819-1.el8
python-sushy (Red Hat package): 3.5.0-2.20201005161238.74b8111.el8 - 3.11.0-0.20210802160404.b93dcba.el8
jenkins-2-plugins (Red Hat package): 4.9.1630555871-1.el8
container-selinux (Red Hat package): 2.124.0-1.el8 - 2.144.0-1.rhaos4.4.el8
Vendor advisory: https://access.redhat.com/errata/RHSA-2021:4833
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57990
Risk: High
CVSSv4.0: 7.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21697
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists because the affected application allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions. A remote attacker can compromise the target system.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions:
Red Hat OpenShift Container Platform: 4.9.0 - 4.9.8
openshift-kuryr (Red Hat package): 4.9.0-202109101042.p0.git.e66f211.assembly.stream.el8 - 4.9.0-202110281423.p0.git.4595a4e.assembly.stream.el8
openshift (Red Hat package): 4.9.0-202110080828.p0.git.894a78b.assembly.stream.el8 - 4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el8
cri-o (Red Hat package): 1.22.0-73.rhaos4.9.gitbdf286c.el8 - 1.22.0-91.rhaos4.9.gitd745cab.el7
jenkins (Red Hat package): 2.263.3.1612434510-1.el8 - 2.289.3.1633554819-1.el8
python-sushy (Red Hat package): 3.5.0-2.20201005161238.74b8111.el8 - 3.11.0-0.20210802160404.b93dcba.el8
jenkins-2-plugins (Red Hat package): 4.9.1630555871-1.el8
container-selinux (Red Hat package): 2.124.0-1.el8 - 2.144.0-1.rhaos4.4.el8
Vendor advisory: https://access.redhat.com/errata/RHSA-2021:4833
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57978
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21685
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists because the affected application does not check agent-to-controller access when creating parent directories in FilePath#mkdirs. A remote attacker can read and write arbitrary files on the Jenkins controller file system.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions:
Red Hat OpenShift Container Platform: 4.9.0 - 4.9.8
openshift-kuryr (Red Hat package): 4.9.0-202109101042.p0.git.e66f211.assembly.stream.el8 - 4.9.0-202110281423.p0.git.4595a4e.assembly.stream.el8
openshift (Red Hat package): 4.9.0-202110080828.p0.git.894a78b.assembly.stream.el8 - 4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el8
cri-o (Red Hat package): 1.22.0-73.rhaos4.9.gitbdf286c.el8 - 1.22.0-91.rhaos4.9.gitd745cab.el7
jenkins (Red Hat package): 2.263.3.1612434510-1.el8 - 2.289.3.1633554819-1.el8
python-sushy (Red Hat package): 3.5.0-2.20201005161238.74b8111.el8 - 3.11.0-0.20210802160404.b93dcba.el8
jenkins-2-plugins (Red Hat package): 4.9.1630555871-1.el8
container-selinux (Red Hat package): 2.124.0-1.el8 - 2.144.0-1.rhaos4.4.el8
Vendor advisory: https://access.redhat.com/errata/RHSA-2021:4833
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57986
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21693
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists because permission to create files is only checked after they have been created. A remote attacker can compromise the target system.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions:
Red Hat OpenShift Container Platform: 4.9.0 - 4.9.8
openshift-kuryr (Red Hat package): 4.9.0-202109101042.p0.git.e66f211.assembly.stream.el8 - 4.9.0-202110281423.p0.git.4595a4e.assembly.stream.el8
openshift (Red Hat package): 4.9.0-202110080828.p0.git.894a78b.assembly.stream.el8 - 4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el8
cri-o (Red Hat package): 1.22.0-73.rhaos4.9.gitbdf286c.el8 - 1.22.0-91.rhaos4.9.gitd745cab.el7
jenkins (Red Hat package): 2.263.3.1612434510-1.el8 - 2.289.3.1633554819-1.el8
python-sushy (Red Hat package): 3.5.0-2.20201005161238.74b8111.el8 - 3.11.0-0.20210802160404.b93dcba.el8
jenkins-2-plugins (Red Hat package): 4.9.1630555871-1.el8
container-selinux (Red Hat package): 2.124.0-1.el8 - 2.144.0-1.rhaos4.4.el8
Vendor advisory: https://access.redhat.com/errata/RHSA-2021:4833
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57989
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21696
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists because the affected application does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs. A remote authenticated attacker can replace the code of a trusted library with a modified variant and execute arbitrary code on the system.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions:
Red Hat OpenShift Container Platform: 4.9.0 - 4.9.8
openshift-kuryr (Red Hat package): 4.9.0-202109101042.p0.git.e66f211.assembly.stream.el8 - 4.9.0-202110281423.p0.git.4595a4e.assembly.stream.el8
openshift (Red Hat package): 4.9.0-202110080828.p0.git.894a78b.assembly.stream.el8 - 4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el8
cri-o (Red Hat package): 1.22.0-73.rhaos4.9.gitbdf286c.el8 - 1.22.0-91.rhaos4.9.gitd745cab.el7
jenkins (Red Hat package): 2.263.3.1612434510-1.el8 - 2.289.3.1633554819-1.el8
python-sushy (Red Hat package): 3.5.0-2.20201005161238.74b8111.el8 - 3.11.0-0.20210802160404.b93dcba.el8
jenkins-2-plugins (Red Hat package): 4.9.1630555871-1.el8
container-selinux (Red Hat package): 2.124.0-1.el8 - 2.144.0-1.rhaos4.4.el8
Vendor advisory: https://access.redhat.com/errata/RHSA-2021:4833
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57991
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21698
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences. A remote authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions:
Red Hat OpenShift Container Platform: 4.9.0 - 4.9.8
openshift-kuryr (Red Hat package): 4.9.0-202109101042.p0.git.e66f211.assembly.stream.el8 - 4.9.0-202110281423.p0.git.4595a4e.assembly.stream.el8
openshift (Red Hat package): 4.9.0-202110080828.p0.git.894a78b.assembly.stream.el8 - 4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el8
cri-o (Red Hat package): 1.22.0-73.rhaos4.9.gitbdf286c.el8 - 1.22.0-91.rhaos4.9.gitd745cab.el7
jenkins (Red Hat package): 2.263.3.1612434510-1.el8 - 2.289.3.1633554819-1.el8
python-sushy (Red Hat package): 3.5.0-2.20201005161238.74b8111.el8 - 3.11.0-0.20210802160404.b93dcba.el8
jenkins-2-plugins (Red Hat package): 4.9.1630555871-1.el8
container-selinux (Red Hat package): 2.124.0-1.el8 - 2.144.0-1.rhaos4.4.el8
Vendor advisory: https://access.redhat.com/errata/RHSA-2021:4833
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57980
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21687
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists because the affected application does not check agent-to-controller access when creating symbolic links while unarchiving a symbolic link in FilePath#untar. A remote attacker can compromise the target system.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions:
Red Hat OpenShift Container Platform: 4.9.0 - 4.9.8
openshift-kuryr (Red Hat package): 4.9.0-202109101042.p0.git.e66f211.assembly.stream.el8 - 4.9.0-202110281423.p0.git.4595a4e.assembly.stream.el8
openshift (Red Hat package): 4.9.0-202110080828.p0.git.894a78b.assembly.stream.el8 - 4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el8
cri-o (Red Hat package): 1.22.0-73.rhaos4.9.gitbdf286c.el8 - 1.22.0-91.rhaos4.9.gitd745cab.el7
jenkins (Red Hat package): 2.263.3.1612434510-1.el8 - 2.289.3.1633554819-1.el8
python-sushy (Red Hat package): 3.5.0-2.20201005161238.74b8111.el8 - 3.11.0-0.20210802160404.b93dcba.el8
jenkins-2-plugins (Red Hat package): 4.9.1630555871-1.el8
container-selinux (Red Hat package): 2.124.0-1.el8 - 2.144.0-1.rhaos4.4.el8
Vendor advisory: https://access.redhat.com/errata/RHSA-2021:4833
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.