Multiple vulnerabilities in Red Hat OpenShift Data Foundation 4.11
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 11 |
| CVE-ID | CVE-2023-3089 CVE-2020-24736 CVE-2022-2795 CVE-2022-36227 CVE-2022-40023 CVE-2023-1667 CVE-2023-2283 CVE-2023-2491 CVE-2023-24329 CVE-2023-26604 CVE-2023-27535 |
| CWE-ID | CWE-326 CWE-119 CWE-399 CWE-476 CWE-185 CWE-20 CWE-287 CWE-78 CWE-269 CWE-371 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
OpenShift Data Foundation (formerly OpenShift Container Storage) Server applications / Virtualization software |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
1) Inadequate Encryption Strength
EUVDB-ID: #VU78005
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-3089
CWE-ID:
CWE-326 - Inadequate Encryption Strength
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists within the OpenShift container platform configuration with enabled FIPS mode, which resulted in usage of not validated cryptographic modules. A remote attacker can perform various attacks against not validated cryptographic modules and gain access to sensitive information.
Install updates from vendor's website.
OpenShift Data Foundation (formerly OpenShift Container Storage): 4.11.0 - 4.11.8
CPE2.3- cpe:2.3:a:red_hat:openshift_container_storage:4.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.11.2:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2023:4238
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU77780
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-24736
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when executing a crafted SELECT query. A local user can execute a specially crafted query to trigger memory corruption and perform a denial of service (DoS) attack.
Install updates from vendor's website.
OpenShift Data Foundation (formerly OpenShift Container Storage): 4.11.0 - 4.11.8
CPE2.3- cpe:2.3:a:red_hat:openshift_container_storage:4.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.11.2:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2023:4238
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource management error
EUVDB-ID: #VU67545
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2795
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when processing large delegations. A remote attacker can flood the target resolver with queries and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
OpenShift Data Foundation (formerly OpenShift Container Storage): 4.11.0 - 4.11.8
CPE2.3- cpe:2.3:a:red_hat:openshift_container_storage:4.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.11.2:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2023:4238
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU69582
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-36227
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in libarchive. A remote attacker can pass a specially crafted archive to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
OpenShift Data Foundation (formerly OpenShift Container Storage): 4.11.0 - 4.11.8
CPE2.3- cpe:2.3:a:red_hat:openshift_container_storage:4.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.11.2:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2023:4238
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Incorrect Regular Expression
EUVDB-ID: #VU67555
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-40023
CWE-ID:
CWE-185 - Incorrect Regular Expression
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing regular expressions within the Lexer class. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
Install updates from vendor's website.
OpenShift Data Foundation (formerly OpenShift Container Storage): 4.11.0 - 4.11.8
CPE2.3- cpe:2.3:a:red_hat:openshift_container_storage:4.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.11.2:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2023:4238
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU75741
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-1667
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to multiple errors in kex implementation, related to kex guessing algorithm. A remote attacker can bypass implemented security restrictions.
Install updates from vendor's website.
OpenShift Data Foundation (formerly OpenShift Container Storage): 4.11.0 - 4.11.8
CPE2.3- cpe:2.3:a:red_hat:openshift_container_storage:4.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.11.2:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2023:4238
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper Authentication
EUVDB-ID: #VU75740
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-2283
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error within the pki_verify_data_signature() function in pki_crypto.c. The pki_key_check_hash_compatible() function can return SSH_OK value if memory allocation error happens later in the function. The A remote attacker can bypass authentication process and gain unauthorized access to the system.
MitigationInstall updates from vendor's website.
OpenShift Data Foundation (formerly OpenShift Container Storage): 4.11.0 - 4.11.8
CPE2.3- cpe:2.3:a:red_hat:openshift_container_storage:4.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.11.2:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2023:4238
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) OS Command Injection
EUVDB-ID: #VU75915
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-2491
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to a missing fix for #VU74578 (CVE-2023-28617). A remote attacker can trick the victim to open a specially crafted file and execute arbitrary OS commands on the target system via a file name or directory name that contains shell metacharacters.
MitigationInstall updates from vendor's website.
OpenShift Data Foundation (formerly OpenShift Container Storage): 4.11.0 - 4.11.8
CPE2.3- cpe:2.3:a:red_hat:openshift_container_storage:4.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.11.2:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2023:4238
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Input validation error
EUVDB-ID: #VU72618
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-24329
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented filters.
The vulnerability exists due to insufficient validation of URLs that start with blank characters within urllib.parse component of Python. A remote attacker can pass specially crafted URL to bypass existing filters.
MitigationInstall updates from vendor's website.
OpenShift Data Foundation (formerly OpenShift Container Storage): 4.11.0 - 4.11.8
CPE2.3- cpe:2.3:a:red_hat:openshift_container_storage:4.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.11.2:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2023:4238
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper Privilege Management
EUVDB-ID: #VU74146
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-26604
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper privilege management for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.
MitigationInstall updates from vendor's website.
OpenShift Data Foundation (formerly OpenShift Container Storage): 4.11.0 - 4.11.8
CPE2.3- cpe:2.3:a:red_hat:openshift_container_storage:4.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.11.2:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2023:4238
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) State Issues
EUVDB-ID: #VU73828
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-27535
CWE-ID:
CWE-371 - State Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to FTP server.
The vulnerability exists due to cURL will reuse a previously created FTP connection even when one or more options had been changed that could have made the effective user a very different one. A remote attacker can connect to the FTP server using credentials supplied by another user and gain access to otherwise restricted functionality.
The settings in questions are CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC and CURLOPT_USE_SSL level.
Install updates from vendor's website.
OpenShift Data Foundation (formerly OpenShift Container Storage): 4.11.0 - 4.11.8
CPE2.3- cpe:2.3:a:red_hat:openshift_container_storage:4.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:openshift_container_storage:4.11.2:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2023:4238
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
