Multiple vulnerabilities in Red Hat OpenShift GitOps 1.11

1) Path traversal

EUVDB-ID: #VU90715

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29180

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat OpenShift GitOps: before 1.11.4

CPE2.3

External links

http://access.redhat.com/errata/RHSA-2024:2815

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource exhaustion

EUVDB-ID: #VU86383

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4408

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when parsing DNS messages. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat OpenShift GitOps: before 1.11.4

CPE2.3

External links

http://access.redhat.com/errata/RHSA-2024:2815

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource exhaustion

EUVDB-ID: #VU88184

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-45288

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single HTTP/2 stream. A remote attacker can send specially crafted HTTP/2 requests to the server and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat OpenShift GitOps: before 1.11.4

CPE2.3

External links

http://access.redhat.com/errata/RHSA-2024:2815

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Resource exhaustion

EUVDB-ID: #VU86377

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-50387

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when processing DNSSEC related records. A remote attacker can trigger resource exhaustion by forcing the DNS server to query a specially crafted DNSSEC zone and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat OpenShift GitOps: before 1.11.4

CPE2.3

External links

http://access.redhat.com/errata/RHSA-2024:2815

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Resource exhaustion

EUVDB-ID: #VU86378

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-50868

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when processing DNSSEC related records. A remote attacker can trigger resource exhaustion by forcing the DNS server to query a specially crafted DNSSEC zone and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat OpenShift GitOps: before 1.11.4

CPE2.3

External links

http://access.redhat.com/errata/RHSA-2024:2815

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) Buffer overflow

EUVDB-ID: #VU88822

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2024-2961

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the iconv() function when converting string to the ISO-2022-CN-EXT character set. A remote attacker can pass specially crafted input to the application, trigger a 4 byte buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat OpenShift GitOps: before 1.11.4

CPE2.3

External links

http://access.redhat.com/errata/RHSA-2024:2815

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

7) Cryptographic issues

EUVDB-ID: #VU87671

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28834

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to a side-channel attack when using the gnutls_privkey_sign_data2 API function with the "GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE" flag. A remote attacker can launch Minerva attack and gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat OpenShift GitOps: before 1.11.4

CPE2.3

External links

http://access.redhat.com/errata/RHSA-2024:2815

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.