SB2022050444 - Multiple vulnerabilities in Red Hat Advanced Cluster Management for Kubernetes 2.4

Published: May 4, 2022

Security Bulletin ID: SB2022050444
Severity: High
Patch available: Yes
Number of vulnerabilities: 20
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 15% (3 of 20)
Medium: 50% (10 of 20)
Low: 35% (7 of 20)
Critical: 0%

Description

This security bulletin contains information about 20 security vulnerabilities in Red Hat Advanced Cluster Management for Kubernetes 2.4.


1) Information disclosure (CVE-ID: CVE-2022-0235)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the application follows a "Location" HTTP header redirect and forwards the authorization cookie to the third-party resource it is redirected to. A remote attacker who controls a redirect target can capture the cookie and gain access to sensitive information.


2) Input validation error (CVE-ID: CVE-2022-21803)

The vulnerability allows a remote attacker to modify files on the system.

The vulnerability exists because the .set() function, which is responsible for setting configuration properties, is vulnerable to prototype pollution. A remote attacker can supply a specially crafted property name (for example one containing a `__proto__` segment) and pollute the Object prototype, altering the behavior of every object in the process.
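The following is an added example, not nconf's own code, showing the flaw class behind this entry in a toy "section:key" setter. Splitting keys on ':' is an assumption made for the illustration; the point is that an unguarded walk through nested objects follows `__proto__` onto Object.prototype, while the hardened version refuses reserved segments and only descends into own properties.

```javascript
// Added example, not nconf code: a "section:key" setter that walks nested
// objects. setUnsafe() shows the prototype-pollution flaw class; setSafe()
// rejects reserved segments and never walks into inherited properties.
// Splitting keys on ':' is an assumption made for this illustration.
const FORBIDDEN_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(v) {
  return typeof v === 'object' && v !== null;
}

// Vulnerable: "__proto__:isAdmin" walks from the store onto Object.prototype,
// so the final assignment lands on every object in the process.
function setUnsafe(store, keyPath, value) {
  const parts = keyPath.split(':');
  let target = store;
  for (const part of parts.slice(0, -1)) {
    if (!isPlainObject(target[part])) target[part] = {};
    target = target[part];
  }
  target[parts[parts.length - 1]] = value;
  return store;
}

// Hardened: refuse reserved segments outright and only descend into own properties.
function setSafe(store, keyPath, value) {
  const parts = keyPath.split(':');
  if (parts.some((p) => FORBIDDEN_SEGMENTS.has(p))) {
    throw new Error(`refusing reserved key segment in "${keyPath}"`);
  }
  let target = store;
  for (const part of parts.slice(0, -1)) {
    if (!Object.prototype.hasOwnProperty.call(target, part) || !isPlainObject(target[part])) {
      target[part] = {};
    }
    target = target[part];
  }
  target[parts[parts.length - 1]] = value;
  return store;
}

// True when Object.prototype itself carries `name`, i.e. the process is polluted.
function isPolluted(name) {
  return Object.prototype.hasOwnProperty.call(Object.prototype, name);
}

// Undo a pollution so the rest of the process is not affected.
function unpollute(name) {
  delete Object.prototype[name];
}

// Demonstration: pollute, observe it on an unrelated object, clean up, then show the guard.
function demo() {
  setUnsafe({}, '__proto__:isAdmin', true);
  const leaked = ({}).isAdmin === true;   // true: a fresh object now reports isAdmin
  unpollute('isAdmin');
  let blocked = false;
  try { setSafe({}, '__proto__:isAdmin', true); } catch (e) { blocked = true; }
  return { leaked, blocked, stillPolluted: isPolluted('isAdmin') };
}
```

In a real configuration store the polluted property is then read back by unrelated code (feature flags, file paths, permission checks), which is how a "configuration" bug becomes file modification or worse.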


3) Input validation error (CVE-ID: CVE-2021-43565)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of input when the SSH server was configured with ServerConfig.AddHostKey and the Signer passed to AddHostKey either does not implement AlgorithmSigner or returns a key of type "ssh-rsa" from its PublicKey method. A remote attacker can send specially crafted input during the handshake, trigger a panic in the server and perform a denial of service (DoS) attack.


4) Information disclosure (CVE-ID: CVE-2022-0536)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the HTTP client forwards the Authorization header when following a redirect to a different host. A remote attacker who can cause such a cross-domain redirect can obtain the header and gain unauthorized access to sensitive information.


5) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2022-24771)

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to improper signature verification when checking the digestAlgorithm structure of an RSA PKCS#1 v1.5 signature. A remote unauthenticated attacker can use a specially crafted structure that steals padding bytes and places attacker-controlled data in the unchecked portion of the PKCS#1 encoded message, forging a signature when a low public exponent is used.


6) Improper access control (CVE-ID: CVE-2021-23555)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a sandbox bypass: sandboxed code can obtain direct access to host error objects that Node.js internals create while generating stack traces. A remote attacker who can run code inside the sandbox can escape it and execute arbitrary code on the target system.


7) Authorization bypass through user-controlled key (CVE-ID: CVE-2022-0613)

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to missing access checks. A remote attacker can manipulate values in the request to gain unauthorized access to the application.


8) Incorrect authorization (CVE-ID: CVE-2022-1365)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insecure following of redirects, which exposes sensitive information. A remote attacker can force the application to redirect to a malicious website and obtain the authorization cookie.



9) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2022-24772)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to incorrect RSA PKCS#1 v1.5 signature verification caused by a missing check for trailing garbage bytes after decoding the `DigestInfo` ASN.1 structure. A remote attacker can forge a signature and perform a man-in-the-middle (MitM) attack.


10) Path traversal (CVE-ID: CVE-2022-24785)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to insufficient validation of directory traversal sequences in a user-supplied locale name in the npm (server-side) version of Moment.js, where the locale name is used to build a file path. A remote attacker who controls the locale string can send a specially crafted HTTP request and read arbitrary files on the system.


11) Input validation error (CVE-ID: CVE-2022-24723)

The vulnerability allows a remote attacker to modify application behavior.

The vulnerability exists due to insufficient validation of user-supplied input when handling leading whitespace characters in a URL, which allows protocol validation to be bypassed. A remote attacker can pass a specially crafted URL to the application and modify application behavior.
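An added example (not URI.js code) of the general bypass class this entry describes: a scheme check applied to the raw string misses a URL with leading whitespace, because browsers and WHATWG URL parsers strip leading and trailing C0 controls and spaces, and drop embedded tab and newline characters, before they look at the scheme. The allowlist and the base URL are assumptions for the illustration.

```javascript
// Added example, not URI.js code: why a scheme check on the raw string is not
// enough. WHATWG-style parsers (browsers, Node's URL) strip leading/trailing
// C0 controls and spaces and drop embedded tab/newline before parsing, so
// " javascript:..." and "\tjava\nscript:..." still become javascript: URLs.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);   // assumed policy

// Naive denylist on the raw string: bypassed by a single leading space.
function isSafeHrefNaive(raw) {
  return !/^(javascript|data|vbscript):/i.test(raw);
}

// The normalisation a URL parser applies before looking at the scheme.
function normalizeLikeParser(raw) {
  const trimmed = raw.replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '');
  return trimmed.replace(/[\t\n\r]/g, '');
}

// Hardened: normalise, parse against the page's base, then allowlist the scheme.
function isSafeHrefStrict(raw, base) {
  let url;
  try {
    url = new URL(normalizeLikeParser(raw), base);
  } catch (e) {
    return false;   // unparsable input is rejected rather than passed through
  }
  return ALLOWED_SCHEMES.has(url.protocol);
}

// What a browser would actually see for a raw string (for comparison).
function effectiveScheme(raw, base) {
  try { return new URL(raw, base).protocol; } catch (e) { return null; }
}
```

The rule generalises: validate the value the consumer will interpret, not the bytes you received, so parse first and check the parsed scheme.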


12) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2022-24773)

The vulnerability allows a remote attacker to bypass signature verification.

The vulnerability exists because the signature verification code does not properly check that `DigestInfo` has a proper ASN.1 structure. A remote unauthenticated attacker can obtain a successful verification with signatures that contain invalid structures but a valid digest.


13) Information disclosure (CVE-ID: CVE-2022-0155)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the HTTP client forwards the Cookie header when following a redirect to a different host. A remote attacker who can cause such a cross-domain redirect can obtain the cookies and gain unauthorized access to sensitive information.
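Entries 1, 4, 8 and 13 are the same leak in four HTTP clients: credential headers are carried across a redirect that changes origin. The added example below (not node-fetch, cross-fetch or follow-redirects code) is a redirect follower that drops Cookie, Authorization and Proxy-Authorization on any hop whose scheme, host or port differs from the previous request. The response table standing in for the servers is constructed so the example runs offline.

```javascript
// Added example, not node-fetch / cross-fetch / follow-redirects code: a
// redirect follower that strips credential headers on a cross-origin hop.
// The "servers" are a constructed response table so this runs offline.
const CREDENTIAL_HEADERS = new Set(['authorization', 'cookie', 'proxy-authorization']);
const MAX_REDIRECTS = 20;

// Constructed responses: a same-origin hop, then a hop to an attacker-controlled host.
const SAMPLE_RESPONSES = {
  'https://api.example.com/login':    { status: 302, location: '/v2/login' },
  'https://api.example.com/v2/login': { status: 302, location: 'https://evil.example.net/capture' },
  'https://evil.example.net/capture': { status: 200 },
};

function sameOrigin(a, b) {
  return a.protocol === b.protocol && a.host === b.host;   // host includes the port
}

// Headers to carry from `from` to `to`: credentials only survive a same-origin hop.
function headersForHop(from, to, headers, stripCrossOrigin) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (stripCrossOrigin && CREDENTIAL_HEADERS.has(name.toLowerCase()) && !sameOrigin(from, to)) continue;
    out[name] = value;
  }
  return out;
}

// Follows redirects from `startUrl`; returns every request made (url + headers sent),
// so the caller can see exactly which host received which headers.
function followRedirects(startUrl, headers, responses, { stripCrossOrigin }) {
  let current = new URL(startUrl);
  let sent = { ...headers };
  const hops = [];
  for (let n = 0; n <= MAX_REDIRECTS; n++) {
    hops.push({ url: current.href, headers: sent });
    const res = responses[current.href];
    if (!res) throw new Error(`no constructed response for ${current.href}`);
    if (res.status < 300 || res.status > 399 || !res.location) return hops;
    const next = new URL(res.location, current.href);   // Location may be relative
    sent = headersForHop(current, next, sent, stripCrossOrigin);
    current = next;
  }
  throw new Error('too many redirects');
}
```

With `stripCrossOrigin: false` the attacker's host receives the session cookie and bearer token on the third request; with it set the same-origin hop still carries them and the cross-origin hop does not. Note that an https to http downgrade on the same host is treated as cross-origin, which is the behaviour you want.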


14) Incorrect authorization (CVE-ID: CVE-2022-24450)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to misuse of the "dynamically provisioned sandbox accounts" feature. A remote authenticated user can use their valid account to switch to another existing account without further authentication and obtain the privileges of the System account.


15) Buffer overflow (CVE-ID: CVE-2018-25032)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in zlib when deflating (compressing) input that contains many distant matches. A remote attacker can pass such input to the application, trigger memory corruption and perform a denial of service (DoS) attack.


16) Use-after-free (CVE-ID: CVE-2021-4028)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the RDMA listen() function in the Linux kernel. A local user can run a specially crafted program to trigger the use-after-free and execute arbitrary code with elevated privileges.



17) Resource exhaustion (CVE-ID: CVE-2021-4115)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to file descriptor exhaustion in the polkit process. A local user can exhaust the daemon's file descriptors and perform a denial of service (DoS) attack.


18) Use-after-free (CVE-ID: CVE-2022-1154)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error within the utf_ptr2char() function in regexp_bt.c in Vim. A remote attacker can trick the victim into opening a specially crafted file, trigger the use-after-free and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.


19) Input validation error (CVE-ID: CVE-2022-1271)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation when zgrep or xzgrep process a filename containing two or more newlines. An attacker who can control a filename passed to zgrep or xzgrep (for example through a file the victim is tricked into processing) can make the script write arbitrary files on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.


20) Heap-based buffer overflow (CVE-ID: CVE-2022-25636)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in net/netfilter/nf_dup_netdev.c in the Linux kernel, related to nf_tables_offload. A local user can trigger a heap-based buffer overflow and execute arbitrary code with elevated privileges.


Remediation

Install the update from the vendor's website.