Multiple vulnerabilities in Red Hat OpenShift GitOps 1.10
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 16 |
| CVE-ID | CVE-2023-7104 CVE-2024-0553 CVE-2023-52425 CVE-2023-46218 CVE-2023-38546 CVE-2023-28322 CVE-2023-26604 CVE-2022-48624 CVE-2024-21661 CVE-2022-4415 CVE-2022-3821 CVE-2021-43618 CVE-2024-21662 CVE-2024-29893 CVE-2024-21652 CVE-2023-50726 |
| CWE-ID | CWE-125 CWE-208 CWE-400 CWE-200 CWE-73 CWE-440 CWE-269 CWE-78 CWE-399 CWE-193 CWE-190 CWE-254 CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Red Hat OpenShift GitOps Web applications / Other software |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 16 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU84985
Risk: Medium
CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-7104
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the sessionReadRecord() function in ext/session/sqlite3session.c when processing a corrupt changeset. A remote user can send a specially crafted request to trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift GitOps: 1.10.0 - 1.10.3
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.0:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.1:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.2:*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2024:1700
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information Exposure Through Timing Discrepancy
EUVDB-ID: #VU85623
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0553
CWE-ID:
CWE-208 - Information Exposure Through Timing Discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform timing attack.
The vulnerability exists due to the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. A remote attacker can perform timing sidechannel attack in RSA-PSK key exchange.
Note, the vulnerability exists due to incomplete fox for #VU83316 (CVE-2023-5981).
Install updates from vendor's website.
Red Hat OpenShift GitOps: 1.10.0 - 1.10.3
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.0:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.1:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.2:*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2024:1700
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource exhaustion
EUVDB-ID: #VU86230
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52425
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when parsing large tokens. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift GitOps: 1.10.0 - 1.10.3
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.0:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.1:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.2:*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2024:1700
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU83900
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-46218
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error in curl that allows a malicious HTTP server to set "super cookies" that are then passed back to more origins than what is otherwise allowed or possible. A remote attacker can force curl to send such cookie to different and unrelated sites and domains.
MitigationInstall updates from vendor's website.
Red Hat OpenShift GitOps: 1.10.0 - 1.10.3
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.0:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.1:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.2:*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2024:1700
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) External control of file name or path
EUVDB-ID: #VU81863
Risk: Low
CVSSv3.1: 2.3 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38546
CWE-ID:
CWE-73 - External Control of File Name or Path
Exploit availability: No
DescriptionThe vulnerability allows an attacker to inject arbitrary cookies into request.
The vulnerability exists due to the way cookies are handled by libcurl. If a transfer has cookies enabled when the handle is duplicated, the
cookie-enable state is also cloned - but without cloning the actual
cookies. If the source handle did not read any cookies from a specific
file on disk, the cloned version of the handle would instead store the
file name as none (using the four ASCII letters, no quotes).
none - if such a file exists and is readable in the current directory of the program using libcurl.
Mitigation
Install updates from vendor's website.
Red Hat OpenShift GitOps: 1.10.0 - 1.10.3
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.0:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.1:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.2:*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2024:1700
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Expected behavior violation
EUVDB-ID: #VU76238
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28322
CWE-ID:
CWE-440 - Expected Behavior Violation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a logic error when sending HTTP POST and PUT requests using the same handle. The libcurl can erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. As a result, the application can misbehave and either send off the wrong data or use memory after free or similar in the second transfer.
MitigationInstall updates from vendor's website.
Red Hat OpenShift GitOps: 1.10.0 - 1.10.3
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.0:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.1:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.2:*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2024:1700
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper Privilege Management
EUVDB-ID: #VU74146
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-26604
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper privilege management for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.
MitigationInstall updates from vendor's website.
Red Hat OpenShift GitOps: 1.10.0 - 1.10.3
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.0:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.1:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.2:*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2024:1700
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) OS Command Injection
EUVDB-ID: #VU86885
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48624
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation within the close_altfile() function in filename.c. A remote attacker can trick the victim into using a specially crafted argument for the less command and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat OpenShift GitOps: 1.10.0 - 1.10.3
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.0:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.1:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.2:*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2024:1700
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Resource management error
EUVDB-ID: #VU89006
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21661
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat OpenShift GitOps: 1.10.0 - 1.10.3
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.0:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.1:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.2:*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2024:1700
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper Privilege Management
EUVDB-ID: #VU70461
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4415
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper privilege management when handling coredumps in coredump/coredump.c. A local user can gain access to sensitive information.
The vulnerability affects systems with libacl support.
Install updates from vendor's website.
Red Hat OpenShift GitOps: 1.10.0 - 1.10.3
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.0:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.1:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.2:*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2024:1700
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Off-by-one
EUVDB-ID: #VU69807
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3821
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the format_timespan() function in time-util.c. A local user can trigger an off-by-one error and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Red Hat OpenShift GitOps: 1.10.0 - 1.10.3
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.0:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.1:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.2:*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2024:1700
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Integer overflow
EUVDB-ID: #VU63553
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-43618
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in mpz/inp_raw.c. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Red Hat OpenShift GitOps: 1.10.0 - 1.10.3
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.0:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.1:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.2:*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2024:1700
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Security features bypass
EUVDB-ID: #VU89008
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21662
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform brute-force attack.
The vulnerability exists due to usage of a weak cache-based mechanism. A remote attacker can bypass the rate limit and brute force protections.
MitigationInstall updates from vendor's website.
Red Hat OpenShift GitOps: 1.10.0 - 1.10.3
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.0:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.1:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.2:*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2024:1700
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Resource exhaustion
EUVDB-ID: #VU89009
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-29893
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can crash the repo server component through an out of memory error by pointing it to a malicious Helm registry.
MitigationInstall updates from vendor's website.
Red Hat OpenShift GitOps: 1.10.0 - 1.10.3
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.0:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.1:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.2:*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2024:1700
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Security features bypass
EUVDB-ID: #VU89007
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21652
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass brute-force protection.
The vulnerability exists due to an error when handling different application states. A remote attacker can exploit a chain of vulnerabilities, including a Denial of Service (DoS) flaw and in-memory data storage weakness, to effectively bypass the application's brute force login protection.
MitigationInstall updates from vendor's website.
Red Hat OpenShift GitOps: 1.10.0 - 1.10.3
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.0:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.1:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.2:*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2024:1700
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper access control
EUVDB-ID: #VU87525
Risk: Medium
CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-50726
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper validation bug. A remote user with "create" but not "override" privileges can perform local sync.
MitigationInstall updates from vendor's website.
Red Hat OpenShift GitOps: 1.10.0 - 1.10.3
CPE2.3- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.0:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.1:*:*:*:*:*:*:
- cpe:2.3:a:red_hat:red_hat_openshift_gitops:1.10.2:*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2024:1700
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
