Risk | High |
Patch available | YES |
Number of vulnerabilities | 8 |
CVE-ID | CVE-2023-44487 CVE-2023-39325 CVE-2023-29406 CVE-2023-29409 CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 |
CWE-ID | CWE-400 CWE-644 CWE-295 CWE-79 CWE-20 |
Exploitation vector | Network |
Public exploit | Vulnerability #1 is being exploited in the wild. |
Vulnerable software |
Red Hat OpenShift Container Platform (Client/Desktop applications / Software for system administration)
openshift-clients (Red Hat package) (Operating systems & Components / Operating system package or component)
kernel-rt (Red Hat package) (Operating systems & Components / Operating system package or component)
kernel (Red Hat package) (Operating systems & Components / Operating system package or component)
cri-o (Red Hat package) (Operating systems & Components / Operating system package or component)
container-selinux (Red Hat package) (Operating systems & Components / Operating system package or component) |
Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
EUVDB-ID: #VU81728
Risk: High
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2023-44487
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper control of consumption of internal resources when handling HTTP/2 requests with compressed HEADERS frames. A remote attacker can send a sequence of compressed HEADERS frames followed by RST_STREAM frames and perform a denial of service (DoS) attack, a.k.a. "Rapid Reset".
Note: the vulnerability is being actively exploited in the wild.
Mitigation
Install updates from vendor's website.
Red Hat OpenShift Container Platform: 4.14.0 - 4.14.1
openshift-clients (Red Hat package): before 4.14.0-202311031050.p0.g9b1e0d2.assembly.stream.el8
kernel-rt (Red Hat package): before 5.14.0-284.40.1.rt14.325.el9_2
kernel (Red Hat package): before 5.14.0-284.40.1.el9_2
cri-o (Red Hat package): before 1.27.1-13.1.rhaos4.14.git956c5f7.el8
container-selinux (Red Hat package): before 2.223.0-1.rhaos4.14.el8
https://access.redhat.com/errata/RHSA-2023:6840
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU82064
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-39325
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to excessive consumption of internal resources when handling HTTP/2 requests. A remote attacker can bypass the http2.Server.MaxConcurrentStreams setting by creating new connections while the current connections are still being processed, trigger resource exhaustion and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Red Hat OpenShift Container Platform: 4.14.0 - 4.14.1
openshift-clients (Red Hat package): before 4.14.0-202311031050.p0.g9b1e0d2.assembly.stream.el8
kernel-rt (Red Hat package): before 5.14.0-284.40.1.rt14.325.el9_2
kernel (Red Hat package): before 5.14.0-284.40.1.el9_2
cri-o (Red Hat package): before 1.27.1-13.1.rhaos4.14.git956c5f7.el8
container-selinux (Red Hat package): before 2.223.0-1.rhaos4.14.el8
https://access.redhat.com/errata/RHSA-2023:6840
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78327
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-29406
CWE-ID:
CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to improper input validation in the HTTP/1 client when handling the HTTP Host header. A remote non-authenticated attacker can send a specially crafted HTTP request with a maliciously crafted Host header and inject additional headers or entire requests.
Successful exploitation of the vulnerability may allow an attacker to perform cross-site scripting, cache poisoning or session hijacking attacks.
Mitigation
Install updates from vendor's website.
Red Hat OpenShift Container Platform: 4.14.0 - 4.14.1
openshift-clients (Red Hat package): before 4.14.0-202311031050.p0.g9b1e0d2.assembly.stream.el8
kernel-rt (Red Hat package): before 5.14.0-284.40.1.rt14.325.el9_2
kernel (Red Hat package): before 5.14.0-284.40.1.el9_2
cri-o (Red Hat package): before 1.27.1-13.1.rhaos4.14.git956c5f7.el8
container-selinux (Red Hat package): before 2.223.0-1.rhaos4.14.el8
https://access.redhat.com/errata/RHSA-2023:6840
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78913
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-29409
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because verifying certificate chains containing large RSA keys is slow. A remote attacker can cause a client/server to expend significant CPU time verifying signatures.
Mitigation
Install updates from vendor's website.
Red Hat OpenShift Container Platform: 4.14.0 - 4.14.1
openshift-clients (Red Hat package): before 4.14.0-202311031050.p0.g9b1e0d2.assembly.stream.el8
kernel-rt (Red Hat package): before 5.14.0-284.40.1.rt14.325.el9_2
kernel (Red Hat package): before 5.14.0-284.40.1.el9_2
cri-o (Red Hat package): before 1.27.1-13.1.rhaos4.14.git956c5f7.el8
container-selinux (Red Hat package): before 2.223.0-1.rhaos4.14.el8
https://access.redhat.com/errata/RHSA-2023:6840
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU80572
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-39318
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
Description
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within the html/template package when handling HTML-like "<!--" and "-->" comment tokens and hashbang "#!" comment tokens in <script> contexts. A remote attacker can pass specially crafted input to the application and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Mitigation
Install updates from vendor's website.
Red Hat OpenShift Container Platform: 4.14.0 - 4.14.1
openshift-clients (Red Hat package): before 4.14.0-202311031050.p0.g9b1e0d2.assembly.stream.el8
kernel-rt (Red Hat package): before 5.14.0-284.40.1.rt14.325.el9_2
kernel (Red Hat package): before 5.14.0-284.40.1.el9_2
cri-o (Red Hat package): before 1.27.1-13.1.rhaos4.14.git956c5f7.el8
container-selinux (Red Hat package): before 2.223.0-1.rhaos4.14.el8
https://access.redhat.com/errata/RHSA-2023:6840
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU80573
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-39319
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
Description
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists within the html/template package and is caused by improperly applied rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. A remote attacker can pass specially crafted input to the application and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Mitigation
Install updates from vendor's website.
Red Hat OpenShift Container Platform: 4.14.0 - 4.14.1
openshift-clients (Red Hat package): before 4.14.0-202311031050.p0.g9b1e0d2.assembly.stream.el8
kernel-rt (Red Hat package): before 5.14.0-284.40.1.rt14.325.el9_2
kernel (Red Hat package): before 5.14.0-284.40.1.el9_2
cri-o (Red Hat package): before 1.27.1-13.1.rhaos4.14.git956c5f7.el8
container-selinux (Red Hat package): before 2.223.0-1.rhaos4.14.el8
https://access.redhat.com/errata/RHSA-2023:6840
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU80574
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-39321
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in crypto/tls when processing a post-handshake message on QUIC connections. A remote attacker can send an incomplete post-handshake message for a QUIC connection and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Red Hat OpenShift Container Platform: 4.14.0 - 4.14.1
openshift-clients (Red Hat package): before 4.14.0-202311031050.p0.g9b1e0d2.assembly.stream.el8
kernel-rt (Red Hat package): before 5.14.0-284.40.1.rt14.325.el9_2
kernel (Red Hat package): before 5.14.0-284.40.1.el9_2
cri-o (Red Hat package): before 1.27.1-13.1.rhaos4.14.git956c5f7.el8
container-selinux (Red Hat package): before 2.223.0-1.rhaos4.14.el8
https://access.redhat.com/errata/RHSA-2023:6840
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU80575
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-39322
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in crypto/tls when processing a post-handshake message on QUIC connections. A remote attacker can send an incomplete post-handshake message for a QUIC connection and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Red Hat OpenShift Container Platform: 4.14.0 - 4.14.1
openshift-clients (Red Hat package): before 4.14.0-202311031050.p0.g9b1e0d2.assembly.stream.el8
kernel-rt (Red Hat package): before 5.14.0-284.40.1.rt14.325.el9_2
kernel (Red Hat package): before 5.14.0-284.40.1.el9_2
cri-o (Red Hat package): before 1.27.1-13.1.rhaos4.14.git956c5f7.el8
container-selinux (Red Hat package): before 2.223.0-1.rhaos4.14.el8
https://access.redhat.com/errata/RHSA-2023:6840
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
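The fixed package builds listed under each vulnerability above can be checked against a node's installed packages. The following is an added example, not part of the bulletin or of Red Hat's tooling: a simplified RPM-style version comparison (epoch, "~" and "^" handling are omitted as an assumption) run over a constructed package listing; the function names and sample data are hypothetical.

```python
import re

# Fixed builds copied from the bulletin ("before <version>-<release>" is affected).
FIXED = {
    "openshift-clients": "4.14.0-202311031050.p0.g9b1e0d2.assembly.stream.el8",
    "kernel-rt": "5.14.0-284.40.1.rt14.325.el9_2",
    "kernel": "5.14.0-284.40.1.el9_2",
    "cri-o": "1.27.1-13.1.rhaos4.14.git956c5f7.el8",
    "container-selinux": "2.223.0-1.rhaos4.14.el8",
}

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment: -1, 0 or 1.
    Simplified form of rpm's algorithm (no '~' or '^' handling)."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)   # digit runs and letter runs
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric compare, so 9 < 40
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings (epochs assumed equal)."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def parse_rpm_q(text):
    """Parse lines of 'name version-release' into a dict."""
    return dict(line.split() for line in text.splitlines() if line.strip())

def needs_update(installed):
    """Return sorted names of packages older than the bulletin's fixed build."""
    return sorted(p for p, evr in installed.items()
                  if p in FIXED and evr_cmp(evr, FIXED[p]) < 0)

# Constructed sample, in the shape printed by:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' kernel kernel-rt cri-o container-selinux
SAMPLE = """\
kernel 5.14.0-284.9.1.el9_2
kernel-rt 5.14.0-284.40.1.rt14.325.el9_2
cri-o 1.27.1-8.1.rhaos4.14.git3fecb83.el8
container-selinux 2.224.0-1.rhaos4.14.el8
"""

if __name__ == "__main__":
    print("packages below fixed build:", needs_update(parse_rpm_q(SAMPLE)))
```

A plain string comparison would rank release `284.9.1` above `284.40.1` and miss the outdated kernel, which is why the segments are compared numerically.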