Multiple vulnerabilities in Red Hat OpenShift Data Foundation 4.11



Risk High
Patch available YES
Number of vulnerabilities 11
CVE-ID CVE-2023-3089
CVE-2020-24736
CVE-2022-2795
CVE-2022-36227
CVE-2022-40023
CVE-2023-1667
CVE-2023-2283
CVE-2023-2491
CVE-2023-24329
CVE-2023-26604
CVE-2023-27535
CWE-ID CWE-326
CWE-119
CWE-399
CWE-476
CWE-185
CWE-20
CWE-287
CWE-78
CWE-269
CWE-371
Exploitation vector Network
Public exploit N/A
Vulnerable software
OpenShift Data Foundation (formerly OpenShift Container Storage)
Server applications / Virtualization software

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

1) Inadequate Encryption Strength

EUVDB-ID: #VU78005

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-3089

CWE-ID: CWE-326 - Inadequate Encryption Strength

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists within the OpenShift container platform configuration with enabled FIPS mode, which resulted in usage of not validated cryptographic modules. A remote attacker can perform various attacks against not validated cryptographic modules and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): 4.11.0 - 4.11.8

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2023:4238


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU77780

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-24736

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when executing a crafted SELECT query. A local user can execute a specially crafted query to trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): 4.11.0 - 4.11.8

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2023:4238


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource management error

EUVDB-ID: #VU67545

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-2795

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application when processing large delegations. A remote attacker can flood the target resolver with queries and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): 4.11.0 - 4.11.8

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2023:4238


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU69582

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-36227

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in libarchive. A remote attacker can pass a specially crafted archive to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): 4.11.0 - 4.11.8

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2023:4238


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Incorrect Regular Expression

EUVDB-ID: #VU67555

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-40023

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing regular expressions within the Lexer class. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): 4.11.0 - 4.11.8

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2023:4238


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU75741

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-1667

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to multiple errors in kex implementation, related to kex guessing algorithm. A remote attacker can bypass implemented security restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): 4.11.0 - 4.11.8

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2023:4238


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper Authentication

EUVDB-ID: #VU75740

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-2283

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error within the pki_verify_data_signature() function in pki_crypto.c. The pki_key_check_hash_compatible() function can return SSH_OK value if memory allocation error happens later in the function. The  A remote attacker can bypass authentication process and gain unauthorized access to the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): 4.11.0 - 4.11.8

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2023:4238


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) OS Command Injection

EUVDB-ID: #VU75915

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-2491

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to a missing fix for #VU74578 (CVE-2023-28617). A remote attacker can trick the victim to open a specially crafted file and execute arbitrary OS commands on the target system via a file name or directory name that contains shell metacharacters.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): 4.11.0 - 4.11.8

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2023:4238


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

EUVDB-ID: #VU72618

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-24329

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented filters.

The vulnerability exists due to insufficient validation of URLs that start with blank characters within urllib.parse component of Python. A remote attacker can pass specially crafted URL to bypass existing filters.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): 4.11.0 - 4.11.8

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2023:4238


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper Privilege Management

EUVDB-ID: #VU74146

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-26604

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper privilege management for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): 4.11.0 - 4.11.8

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2023:4238


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) State Issues

EUVDB-ID: #VU73828

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-27535

CWE-ID: CWE-371 - State Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to FTP server.

The vulnerability exists due to cURL will reuse a previously created FTP connection even when one or more options had been changed that could have made the effective user a very different one. A remote attacker can connect to the FTP server using credentials supplied by another user and gain access to otherwise restricted functionality.

The settings in questions are CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC and CURLOPT_USE_SSL level.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Data Foundation (formerly OpenShift Container Storage): 4.11.0 - 4.11.8

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2023:4238


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###