Multiple vulnerabilities in Red Hat Gatekeeper Operator
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2023-3089 CVE-2020-24736 CVE-2022-36227 CVE-2023-1667 CVE-2023-2283 CVE-2023-26604 CVE-2023-27535 |
| CWE-ID | CWE-326 CWE-119 CWE-476 CWE-20 CWE-287 CWE-269 CWE-371 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Gatekeeper Operator Server applications / Other server solutions |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Inadequate Encryption Strength
EUVDB-ID: #VU78005
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-3089
CWE-ID:
CWE-326 - Inadequate Encryption Strength
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists within the OpenShift container platform configuration with enabled FIPS mode, which resulted in usage of not validated cryptographic modules. A remote attacker can perform various attacks against not validated cryptographic modules and gain access to sensitive information.
Install updates from vendor's website.
Gatekeeper Operator: 0.2
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2023:4475
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU77780
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-24736
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when executing a crafted SELECT query. A local user can execute a specially crafted query to trigger memory corruption and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Gatekeeper Operator: 0.2
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2023:4475
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU69582
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-36227
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in libarchive. A remote attacker can pass a specially crafted archive to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Gatekeeper Operator: 0.2
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2023:4475
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU75741
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-1667
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to multiple errors in kex implementation, related to kex guessing algorithm. A remote attacker can bypass implemented security restrictions.
Install updates from vendor's website.
Gatekeeper Operator: 0.2
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2023:4475
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper Authentication
EUVDB-ID: #VU75740
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-2283
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error within the pki_verify_data_signature() function in pki_crypto.c. The pki_key_check_hash_compatible() function can return SSH_OK value if memory allocation error happens later in the function. The A remote attacker can bypass authentication process and gain unauthorized access to the system.
MitigationInstall updates from vendor's website.
Gatekeeper Operator: 0.2
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2023:4475
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper Privilege Management
EUVDB-ID: #VU74146
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-26604
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper privilege management for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.
MitigationInstall updates from vendor's website.
Gatekeeper Operator: 0.2
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2023:4475
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) State Issues
EUVDB-ID: #VU73828
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-27535
CWE-ID:
CWE-371 - State Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to FTP server.
The vulnerability exists due to cURL will reuse a previously created FTP connection even when one or more options had been changed that could have made the effective user a very different one. A remote attacker can connect to the FTP server using credentials supplied by another user and gain access to otherwise restricted functionality.
The settings in questions are CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC and CURLOPT_USE_SSL level.
Install updates from vendor's website.
Gatekeeper Operator: 0.2
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2023:4475
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
