OpenShift Data Foundation 4.12 update for kube-apiserver
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2022-3172 CVE-2022-2795 CVE-2022-36227 CVE-2022-40023 CVE-2023-2491 CVE-2023-27535 |
| CWE-ID | CWE-918 CWE-399 CWE-476 CWE-185 CWE-78 CWE-371 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
OpenShift Data Foundation (formerly OpenShift Container Storage) Server applications / Virtualization software |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU67554
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-3172
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input in kube-apiserver. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
MitigationInstall updates from vendor's website.
OpenShift Data Foundation (formerly OpenShift Container Storage): 4.12 - 4.12.3
CPE2.3- cpe:2.3:a:red_hat:openshift_container_storage:4.12:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.12.2:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2023:3609
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource management error
EUVDB-ID: #VU67545
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2795
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when processing large delegations. A remote attacker can flood the target resolver with queries and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
OpenShift Data Foundation (formerly OpenShift Container Storage): 4.12 - 4.12.3
CPE2.3- cpe:2.3:a:red_hat:openshift_container_storage:4.12:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.12.2:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2023:3609
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU69582
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-36227
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in libarchive. A remote attacker can pass a specially crafted archive to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
OpenShift Data Foundation (formerly OpenShift Container Storage): 4.12 - 4.12.3
CPE2.3- cpe:2.3:a:red_hat:openshift_container_storage:4.12:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.12.2:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2023:3609
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Incorrect Regular Expression
EUVDB-ID: #VU67555
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-40023
CWE-ID:
CWE-185 - Incorrect Regular Expression
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing regular expressions within the Lexer class. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
Install updates from vendor's website.
OpenShift Data Foundation (formerly OpenShift Container Storage): 4.12 - 4.12.3
CPE2.3- cpe:2.3:a:red_hat:openshift_container_storage:4.12:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.12.2:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2023:3609
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) OS Command Injection
EUVDB-ID: #VU75915
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-2491
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to a missing fix for #VU74578 (CVE-2023-28617). A remote attacker can trick the victim to open a specially crafted file and execute arbitrary OS commands on the target system via a file name or directory name that contains shell metacharacters.
MitigationInstall updates from vendor's website.
OpenShift Data Foundation (formerly OpenShift Container Storage): 4.12 - 4.12.3
CPE2.3- cpe:2.3:a:red_hat:openshift_container_storage:4.12:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.12.2:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2023:3609
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) State Issues
EUVDB-ID: #VU73828
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-27535
CWE-ID:
CWE-371 - State Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to FTP server.
The vulnerability exists due to cURL will reuse a previously created FTP connection even when one or more options had been changed that could have made the effective user a very different one. A remote attacker can connect to the FTP server using credentials supplied by another user and gain access to otherwise restricted functionality.
The settings in questions are CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC and CURLOPT_USE_SSL level.
Install updates from vendor's website.
OpenShift Data Foundation (formerly OpenShift Container Storage): 4.12 - 4.12.3
CPE2.3- cpe:2.3:a:red_hat:openshift_container_storage:4.12:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.12.2:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2023:3609
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
