SB20240718200 - Multiple vulnerabilities in Red Hat OpenShift GitOps 1.11
Published: July 18, 2024 Updated: August 29, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 22 secuirty vulnerabilities.
1) Infinite loop (CVE-ID: CVE-2024-24786)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when parsing data in an invalid JSON format within the protojson.Unmarshal() function. A remote attacker can consume all available system resources and cause denial of service conditions.
2) Use of uninitialized variable (CVE-ID: CVE-2024-26147)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to usage of an uninitialized variable when using the LoadIndexFile or DownloadIndexFile functions in the repo
package or the LoadDir function in the plugin package. If index.yaml file or a plugins plugin.yaml file are missing in the repository, the application crashes.
3) Path traversal (CVE-ID: CVE-2024-25620)
The vulnerability allows a remote user to overwrite arbitrary files on the system.
The vulnerability exists due to input validation error when processing directory traversal sequences when saving charts at Chart.yaml. A remote user can send a specially crafted HTTP request and overwrite arbitrary files on the system.
4) OS Command Injection (CVE-ID: CVE-2022-48624)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation within the close_altfile() function in filename.c. A remote attacker can trick the victim into using a specially crafted argument for the less command and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) NULL pointer dereference (CVE-ID: CVE-2023-2953)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ber_memalloc_x() function. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.
6) Resource exhaustion (CVE-ID: CVE-2023-45288)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single HTTP/2 stream. A remote attacker can send specially crafted HTTP/2 requests to the server and perform a denial of service (DoS) attack.7) Information disclosure (CVE-ID: CVE-2023-45289)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to insecure forwarding of headers and cookies to a third-party domains in net/http and net/http/cookiejar. A remote attacker can trick the application into sharing sensitive information with an attacker-controlled website.
8) Resource exhaustion (CVE-ID: CVE-2023-45290)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in net/http due to application does not properly control consumption of internal resources when parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile). A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
9) Error Handling (CVE-ID: CVE-2024-24783)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in crypto/x509 due to improper validation of a certificate chain that contains an unknown public key. A remote attacker can pass a specially crafted certificate to the application and perform a denial of service attack.
10) Use-after-free (CVE-ID: CVE-2024-25062)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in xmlValidatePopElement when using the XML Reader interface with DTD validation and XInclude expansion enabled. A remote attacker can pass a specially crafted XML document to the application, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
11) Input validation error (CVE-ID: CVE-2024-28182)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to reading the unbounded number of HTTP/2 CONTINUATION frames. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
12) Arbitrary file upload (CVE-ID: CVE-2024-32002)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of file during file upload. A remote attacker can upload a malicious file and execute it on the server.
13) Code Injection (CVE-ID: CVE-2024-32004)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a process control issue while cloning special-crafted local repositories. A remote attacker can execute arbitrary code on the target system.
14) UNIX Hard Link (CVE-ID: CVE-2024-32020)
The vulnerability allows a remote attacker to compromise the original repository.
The vulnerability exists due to insecure hardlink following when working with local clones. Local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user.
15) UNIX symbolic link following (CVE-ID: CVE-2024-32021)
The vulnerability allows a remote attacker to compromise the original repository.
The vulnerability exists due to insecure symlink following issue. When cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the objects/ directory.
16) Code injection (CVE-ID: CVE-2024-32465)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation when working with zip files or tarballs during cloning. A remote attacker can and execute arbitrary code on the target system.
17) OS Command Injection (CVE-ID: CVE-2024-32487)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when handling newline characters in the filename in filename.c. A remote attacker can trick the victim to pass a specially crafted filename to the affected command and execute arbitrary OS commands on the system.
18) Stack-based buffer overflow (CVE-ID: CVE-2024-33599)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in nscd binary. A remote unauthenticated attacker can exhaust the nscd fixed size cache to trigger a stack-based buffer overflow and execute arbitrary code on the target system.
19) NULL pointer dereference (CVE-ID: CVE-2024-33600)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when nscd cache fails to add a not-found netgroup response to the cache. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
20) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2024-33601)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The
vulnerability exists due to the Name Service Cache Daemon (nscd) can terminate the service during its startup. A local use can perform a denial of service (DoS) attack.
21) Buffer overflow (CVE-ID: CVE-2024-33602)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to netgroup cache assumes NSS callback is using in-buffer strings in nscd binary. A remote attacker can trigger memory corruption and perform a denial of service (DoS) attack.
22) Buffer overflow (CVE-ID: CVE-2017-8461)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error in RPC implementation, when Routing and Remote Access service is enabled in Windows XP and Windows 2003. A remote unauthenticated attacker can send a specially crafted RPC request to vulnerable system and execute arbitrary code with SYSTEM privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note: this vulnerability is being exploited in the wild.
Remediation
Install update from vendor's website.