SB2024042566 - Multiple vulnerabilities in Red Hat OpenShift GitOps 1.12

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024042566

SB2024042566 - Multiple vulnerabilities in Red Hat OpenShift GitOps 1.12

Published: April 25, 2024

Security Bulletin ID SB2024042566
Severity
Medium
Patch available
YES
Number of vulnerabilities 11
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 82% Low 18%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 11 secuirty vulnerabilities.


1) Resource management error (CVE-ID: CVE-2024-21661)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


2) Improper access control (CVE-ID: CVE-2023-50726)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper validation bug. A remote user with "create" but not "override" privileges can perform local sync.


3) Security features bypass (CVE-ID: CVE-2024-21652)

The vulnerability allows a remote attacker to bypass brute-force protection.

The vulnerability exists due to an error when handling different application states. A remote attacker can exploit a chain of vulnerabilities, including a Denial of Service (DoS) flaw and in-memory data storage weakness, to effectively bypass the application's brute force login protection.


4) Resource exhaustion (CVE-ID: CVE-2024-29893)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can crash the repo server component through an out of memory error by pointing it to a malicious Helm registry.


5) Security features bypass (CVE-ID: CVE-2024-21662)

The vulnerability allows a remote attacker to perform brute-force attack.

The vulnerability exists due to usage of a weak cache-based mechanism. A remote attacker can bypass the rate limit and brute force protections.


6) Integer overflow (CVE-ID: CVE-2021-43618)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in mpz/inp_raw.c. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.


7) OS Command Injection (CVE-ID: CVE-2022-48624)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within the close_altfile() function in filename.c. A remote attacker can trick the victim into using a specially crafted argument for the less command and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


8) Expected behavior violation (CVE-ID: CVE-2023-28322)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a logic error when sending HTTP POST and PUT requests using the same handle. The libcurl can erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. As a result, the application can misbehave and either send off the wrong data or use memory after free or similar in the second transfer.


9) External control of file name or path (CVE-ID: CVE-2023-38546)

The vulnerability allows an attacker to inject arbitrary cookies into request.

The vulnerability exists due to the way cookies are handled by libcurl. If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as none (using the four ASCII letters, no quotes).

Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named none - if such a file exists and is readable in the current directory of the program using libcurl.

10) Information disclosure (CVE-ID: CVE-2023-46218)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error in curl that allows a malicious HTTP server to set "super cookies" that are then passed back to more origins than what is otherwise allowed or possible. A remote attacker can force curl to send such cookie to different and unrelated sites and domains.


11) Resource exhaustion (CVE-ID: CVE-2023-52425)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when parsing large tokens. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References