Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, the default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.
{"debiancve": [{"lastseen": "2023-06-13T14:33:36", "description": "Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-17T16:15:00", "type": "debiancve", "title": "CVE-2019-11253", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253"], "modified": "2019-10-17T16:15:00", "id": "DEBIANCVE:CVE-2019-11253", "href": "https://security-tracker.debian.org/tracker/CVE-2019-11253", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-05-25T14:30:07", "description": "An update for openshift is now available for Red Hat 
OpenShift Container Platform 4.1.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the openshift RPM package for Red Hat OpenShift Container Platform 4.1.20.\n\nSecurity Fix(es) :\n\n* kubernetes: YAML parsing vulnerable to 'Billion Laughs' attack, allowing for remote denial of service (CVE-2019-11253)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-10-17T00:00:00", "type": "nessus", "title": "RHEL 7 / 8 : OpenShift Container Platform 4.1.20 openshift (RHSA-2019:3132)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11253"], "modified": "2019-12-19T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openshift-clients", "p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable", "p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2019-3132.NASL", "href": "https://www.tenable.com/plugins/nessus/129996", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3132. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129996);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/12/19\");\n\n script_cve_id(\"CVE-2019-11253\");\n script_xref(name:\"RHSA\", value:\"2019:3132\");\n\n script_name(english:\"RHEL 7 / 8 : OpenShift Container Platform 4.1.20 openshift (RHSA-2019:3132)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for openshift is now available for Red Hat OpenShift\nContainer Platform 4.1.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or\nprivate cloud deployments.\n\nThis advisory contains the openshift RPM package for Red Hat OpenShift\nContainer Platform 4.1.20.\n\nSecurity Fix(es) :\n\n* kubernetes: YAML parsing vulnerable to 'Billion Laughs' attack,\nallowing for remote denial of service (CVE-2019-11253)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:3132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11253\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected 
openshift-clients,\nopenshift-clients-redistributable and / or openshift-hyperkube\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x / 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3132\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-clients-4.1.20-201910101746.git.0.a80aad5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", 
reference:\"openshift-clients-redistributable-4.1.20-201910101746.git.0.a80aad5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-hyperkube-4.1.20-201910101746.git.0.a80aad5.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"openshift-clients-4.1.20-201910101746.git.0.a80aad5.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"openshift-clients-redistributable-4.1.20-201910101746.git.0.a80aad5.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"openshift-hyperkube-4.1.20-201910101746.git.0.a80aad5.el8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openshift-clients / openshift-clients-redistributable / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:05", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2799 advisory.\n\n - kubernetes: YAML parsing vulnerable to Billion Laughs attack, allowing for remote denial of service (CVE-2019-11253)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-07-01T00:00:00", "type": "nessus", "title": "RHEL 8 : Red Hat OpenShift Service Mesh servicemesh-cni (RHSA-2020:2799)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11253"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:servicemesh-cni"], "id": "REDHAT-RHSA-2020-2799.NASL", "href": "https://www.tenable.com/plugins/nessus/138027", "sourceData": "##\n# (C) 
Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2799. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138027);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2019-11253\");\n script_xref(name:\"RHSA\", value:\"2020:2799\");\n\n script_name(english:\"RHEL 8 : Red Hat OpenShift Service Mesh servicemesh-cni (RHSA-2020:2799)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in\nthe RHSA-2020:2799 advisory.\n\n - kubernetes: YAML parsing vulnerable to Billion Laughs attack, allowing for remote denial of service\n (CVE-2019-11253)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11253\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1757701\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected servicemesh-cni package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11253\");\n\n script_set_attribute(attribute:\"exploitability_ease\", 
value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:servicemesh-cni\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ 
\"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/x86_64/ossm/1.1/debug',\n 'content/dist/layered/rhel8/x86_64/ossm/1.1/os',\n 'content/dist/layered/rhel8/x86_64/ossm/1.1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'servicemesh-cni-1.1.4-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'servicemesh'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n 
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'servicemesh-cni');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:55", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2870 advisory.\n\n - kubernetes: YAML parsing vulnerable to Billion Laughs attack, allowing for remote denial of service (CVE-2019-11253)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-07-07T00:00:00", "type": "nessus", "title": "RHEL 8 : Red Hat OpenShift Service Mesh 1.0 servicemesh-cni (RHSA-2020:2870)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11253"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:servicemesh-cni"], "id": "REDHAT-RHSA-2020-2870.NASL", "href": "https://www.tenable.com/plugins/nessus/138187", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2870. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138187);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2019-11253\");\n script_xref(name:\"RHSA\", value:\"2020:2870\");\n\n script_name(english:\"RHEL 8 : Red Hat OpenShift Service Mesh 1.0 servicemesh-cni (RHSA-2020:2870)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in\nthe RHSA-2020:2870 advisory.\n\n - kubernetes: YAML parsing vulnerable to Billion Laughs attack, allowing for remote denial of service\n (CVE-2019-11253)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11253\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1757701\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected servicemesh-cni package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11253\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n 
script_cwe_id(400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:servicemesh-cni\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar 
constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/x86_64/ossm/1.0/debug',\n 'content/dist/layered/rhel8/x86_64/ossm/1.0/os',\n 'content/dist/layered/rhel8/x86_64/ossm/1.0/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'servicemesh-cni-1.0.11-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'servicemesh'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, 
rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'servicemesh-cni');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:03:33", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2863 advisory.\n\n - kubernetes: YAML parsing vulnerable to Billion Laughs attack, allowing for remote denial of service (CVE-2019-11253)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-07-07T00:00:00", "type": "nessus", "title": "RHEL 8 : Red Hat OpenShift Service Mesh 1.0 servicemesh-prometheus (RHSA-2020:2863)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11253"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:servicemesh-prometheus"], "id": "REDHAT-RHSA-2020-2863.NASL", "href": "https://www.tenable.com/plugins/nessus/138186", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2863. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138186);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2019-11253\");\n script_xref(name:\"RHSA\", value:\"2020:2863\");\n\n script_name(english:\"RHEL 8 : Red Hat OpenShift Service Mesh 1.0 servicemesh-prometheus (RHSA-2020:2863)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in\nthe RHSA-2020:2863 advisory.\n\n - kubernetes: YAML parsing vulnerable to Billion Laughs attack, allowing for remote denial of service\n (CVE-2019-11253)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11253\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2863\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1757701\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected servicemesh-prometheus package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11253\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n 
script_cwe_id(400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:servicemesh-prometheus\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', 
cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/x86_64/ossm/1.0/debug',\n 'content/dist/layered/rhel8/x86_64/ossm/1.0/os',\n 'content/dist/layered/rhel8/x86_64/ossm/1.0/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'servicemesh-prometheus-2.7.2-36.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'servicemesh'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, 
rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'servicemesh-prometheus');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:55:04", "description": "An update of the kubernetes package has been released.", "cvss3": {}, "published": "2020-01-16T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Kubernetes PHSA-2020-1.0-0264", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11253"], "modified": "2020-01-18T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:kubernetes", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2020-1_0-0264_KUBERNETES.NASL", "href": "https://www.tenable.com/plugins/nessus/132982", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0264. 
The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132982);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/18\");\n\n script_cve_id(\"CVE-2019-11253\");\n\n script_name(english:\"Photon OS 1.0: Kubernetes PHSA-2020-1.0-0264\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the kubernetes package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-264.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11253\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:kubernetes\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"kubernetes-1.13.12-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"kubernetes-dashboard-1.8.3-4.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"kubernetes-dns-1.14.8-3.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"kubernetes-kubeadm-1.13.12-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"kubernetes-kubectl-extras-1.13.12-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"kubernetes-pause-1.13.12-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kubernetes\");\n}\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:54", "description": "An 
update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.11.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the atomic-openshift RPM package for Red Hat OpenShift Container Platform 3.11.154.\n\nSecurity Fix(es) :\n\n* kubernetes: YAML parsing vulnerable to 'Billion Laughs' attack, allowing for remote denial of service (CVE-2019-11253)\n\n* kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks (CVE-2019-11251)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-11-20T00:00:00", "type": "nessus", "title": "RHEL 7 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2019:3905)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11251", "CVE-2019-11253"], "modified": "2020-02-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:atomic-openshift", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hyperkube", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hypershift", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod", 
"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-3905.NASL", "href": "https://www.tenable.com/plugins/nessus/131153", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3905. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131153);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/02/10\");\n\n script_cve_id(\"CVE-2019-11251\", \"CVE-2019-11253\");\n script_xref(name:\"RHSA\", value:\"2019:3905\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2019:3905)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for atomic-openshift is now available for Red Hat OpenShift\nContainer Platform 3.11.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or\nprivate cloud deployments.\n\nThis advisory contains the atomic-openshift RPM package for Red Hat\nOpenShift Container Platform 3.11.154.\n\nSecurity Fix(es) :\n\n* kubernetes: YAML parsing vulnerable to 'Billion Laughs' attack,\nallowing for remote denial of service (CVE-2019-11253)\n\n* kubernetes: `kubectl cp` allows for arbitrary file write via double\nsymlinks (CVE-2019-11251)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:3905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11253\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11251\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hyperkube\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hypershift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3905\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_exists(rpm:\"atomic-openshift-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", 
cpu:\"x86_64\", reference:\"atomic-openshift-clients-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-redistributable-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-redistributable-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-docker-excluder-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"atomic-openshift-docker-excluder-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-excluder-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"atomic-openshift-excluder-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-hyperkube-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-hyperkube-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-hypershift-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-hypershift-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-master-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-master-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-node-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-node-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-pod-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-pod-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-sdn-ovs-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-sdn-ovs-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-template-service-broker-3.11\", 
release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-template-service-broker-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-tests-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-tests-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"atomic-openshift / atomic-openshift-clients / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:03:55", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2795 advisory.\n\n - kubernetes: YAML parsing vulnerable to Billion Laughs attack, allowing for remote denial of service (CVE-2019-11253)\n\n - openshift-service-mesh/istio-rhel8-operator: control plane can deploy gateway image to any namespace (CVE-2020-14306)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-07-01T00:00:00", "type": "nessus", "title": "RHEL 8 : Red Hat OpenShift Service Mesh 1.1 servicemesh-operator (RHSA-2020:2795)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11253", "CVE-2020-14306"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:servicemesh-operator"], "id": "REDHAT-RHSA-2020-2795.NASL", "href": "https://www.tenable.com/plugins/nessus/138028", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory 
RHSA-2020:2795. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138028);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2019-11253\", \"CVE-2020-14306\");\n script_xref(name:\"RHSA\", value:\"2020:2795\");\n\n script_name(english:\"RHEL 8 : Red Hat OpenShift Service Mesh 1.1 servicemesh-operator (RHSA-2020:2795)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2795 advisory.\n\n - kubernetes: YAML parsing vulnerable to Billion Laughs attack, allowing for remote denial of service\n (CVE-2019-11253)\n\n - openshift-service-mesh/istio-rhel8-operator: control plane can deploy gateway image to any namespace\n (CVE-2020-14306)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11253\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1757701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1850380\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected servicemesh-operator package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14306\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(400, 648);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:servicemesh-operator\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/x86_64/ossm/1.1/debug',\n 'content/dist/layered/rhel8/x86_64/ossm/1.1/os',\n 'content/dist/layered/rhel8/x86_64/ossm/1.1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'servicemesh-operator-1.1.4-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'servicemesh'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n 
var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'servicemesh-operator');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:10", "description": "An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nSecurity Fix(es) :\n\n* kubernetes: YAML parsing vulnerable to 'Billion Laughs' attack, allowing for remote denial of service (CVE-2019-11253)\n\n* kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal (CVE-2019-11249)\n\n* kube-apiserver: DoS with crafted patch of type json-patch (CVE-2019-1002100)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-10-30T00:00:00", "type": "nessus", "title": "RHEL 7 : OpenShift Container Platform 3.10 atomic-openshift (RHSA-2019:3239)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1002100", "CVE-2019-1002101", "CVE-2019-11246", "CVE-2019-11249", "CVE-2019-11253"], "modified": "2019-12-17T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:atomic-openshift", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hyperkube", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hypershift", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs", 
"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-3239.NASL", "href": "https://www.tenable.com/plugins/nessus/130384", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3239. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130384);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/17\");\n\n script_cve_id(\"CVE-2019-1002100\", \"CVE-2019-11249\", \"CVE-2019-11253\");\n script_xref(name:\"RHSA\", value:\"2019:3239\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 3.10 atomic-openshift (RHSA-2019:3239)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for atomic-openshift is now available for Red Hat OpenShift\nContainer Platform 3.10.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or\nprivate cloud deployments.\n\nSecurity Fix(es) :\n\n* kubernetes: YAML parsing vulnerable to 'Billion Laughs' attack,\nallowing for remote denial of service (CVE-2019-11253)\n\n* kubernetes: Incomplete fixes for CVE-2019-1002101 and\nCVE-2019-11246, kubectl cp potential directory traversal\n(CVE-2019-11249)\n\n* kube-apiserver: DoS with crafted patch of type json-patch\n(CVE-2019-1002100)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:3239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11249\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-1002100\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11249\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hyperkube\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hypershift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3239\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_exists(rpm:\"atomic-openshift-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n if 
(rpm_exists(rpm:\"atomic-openshift-clients-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-redistributable-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-redistributable-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-docker-excluder-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"atomic-openshift-docker-excluder-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-excluder-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"atomic-openshift-excluder-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-hyperkube-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-hyperkube-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-hypershift-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-hypershift-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-master-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-master-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-node-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-node-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-pod-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-pod-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-sdn-ovs-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", 
reference:\"atomic-openshift-sdn-ovs-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-template-service-broker-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-template-service-broker-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-tests-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-tests-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"atomic-openshift / atomic-openshift-clients / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:30", "description": "An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the atomic-openshift RPM package for Red Hat OpenShift Container Platform 3.9.102.\n\nSecurity Fix(es) :\n\n* kubernetes: YAML parsing vulnerable to 'Billion Laughs' attack, allowing for remote denial of service (CVE-2019-11253)\n\n* atomic-openshift: OpenShift builds don't verify SSH Host Keys for the Git repository (CVE-2019-10150)\n\n* kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal (CVE-2019-11249)\n\n* kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks (CVE-2019-11251)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-11-08T00:00:00", "type": "nessus", "title": "RHEL 7 : OpenShift Container Platform 3.9 atomic-openshift (RHSA-2019:3811)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1002101", "CVE-2019-10150", "CVE-2019-11246", "CVE-2019-11249", "CVE-2019-11251", "CVE-2019-11253"], "modified": "2019-12-17T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:atomic-openshift", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-cluster-capacity", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-federation-services", 
"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-service-catalog", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-3811.NASL", "href": "https://www.tenable.com/plugins/nessus/130747", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3811. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130747);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/17\");\n\n script_cve_id(\"CVE-2019-10150\", \"CVE-2019-11249\", \"CVE-2019-11251\", \"CVE-2019-11253\");\n script_xref(name:\"RHSA\", value:\"2019:3811\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 3.9 atomic-openshift (RHSA-2019:3811)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for atomic-openshift is now available for Red Hat OpenShift\nContainer Platform 3.9.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or\nprivate cloud deployments.\n\nThis advisory contains the atomic-openshift RPM package for Red Hat\nOpenShift Container Platform 3.9.102.\n\nSecurity Fix(es) :\n\n* kubernetes: YAML parsing vulnerable to 'Billion Laughs' attack,\nallowing for remote denial of service (CVE-2019-11253)\n\n* atomic-openshift: OpenShift builds don't verify SSH Host Keys for\nthe Git repository (CVE-2019-10150)\n\n* kubernetes: Incomplete fixes for CVE-2019-1002101 and\nCVE-2019-11246, kubectl cp potential directory traversal\n(CVE-2019-11249)\n\n* kubernetes: `kubectl cp` allows for arbitrary file write via double\nsymlinks (CVE-2019-11251)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:3811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11249\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11253\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11249\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-cluster-capacity\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-federation-services\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-service-catalog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3811\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_exists(rpm:\"atomic-openshift-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-redistributable-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-redistributable-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-cluster-capacity-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-cluster-capacity-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-docker-excluder-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"atomic-openshift-docker-excluder-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-excluder-3.9\", release:\"RHEL7\") && 
rpm_check(release:\"RHEL7\", reference:\"atomic-openshift-excluder-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-federation-services-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-federation-services-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-master-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-master-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-node-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-node-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-pod-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-pod-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-sdn-ovs-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-sdn-ovs-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-service-catalog-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-service-catalog-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-template-service-broker-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-template-service-broker-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-tests-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-tests-3.9.102-1.git.0.6411f52.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"atomic-openshift / atomic-openshift-clients / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:00", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2861 advisory.\n\n - kubernetes: YAML parsing vulnerable to Billion Laughs attack, allowing for remote denial of service (CVE-2019-11253)\n\n - grafana: XSS annotation popup vulnerability (CVE-2020-12052)\n\n - grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)\n\n - grafana: SSRF incorrect access control vulnerability allows unauthenticated users to make grafana send HTTP requests to any URL (CVE-2020-13379)\n\n - grafana: XSS via the OpenTSDB datasource (CVE-2020-13430)\n\n - npm-serialize-javascript: allows remote attackers to inject arbitrary code via the function deleteFunctions within index.js (CVE-2020-7660)\n\n - npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-07-07T00:00:00", "type": "nessus", "title": "RHEL 8 : Red Hat OpenShift Service Mesh 1.0 servicemesh-grafana (RHSA-2020:2861)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11253", "CVE-2020-12052", "CVE-2020-12245", "CVE-2020-13379", "CVE-2020-13430", "CVE-2020-7660", "CVE-2020-7662"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:servicemesh-grafana", "p-cpe:/a:redhat:enterprise_linux:servicemesh-grafana-prometheus"], "id": "REDHAT-RHSA-2020-2861.NASL", "href": "https://www.tenable.com/plugins/nessus/138178", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin 
were\n# extracted from Red Hat Security Advisory RHSA-2020:2861. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138178);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2019-11253\",\n \"CVE-2020-7660\",\n \"CVE-2020-7662\",\n \"CVE-2020-12052\",\n \"CVE-2020-12245\",\n \"CVE-2020-13379\",\n \"CVE-2020-13430\"\n );\n script_xref(name:\"RHSA\", value:\"2020:2861\");\n\n script_name(english:\"RHEL 8 : Red Hat OpenShift Service Mesh 1.0 servicemesh-grafana (RHSA-2020:2861)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2861 advisory.\n\n - kubernetes: YAML parsing vulnerable to Billion Laughs attack, allowing for remote denial of service\n (CVE-2019-11253)\n\n - grafana: XSS annotation popup vulnerability (CVE-2020-12052)\n\n - grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)\n\n - grafana: SSRF incorrect access control vulnerability allows unauthenticated users to make grafana send\n HTTP requests to any URL (CVE-2020-13379)\n\n - grafana: XSS via the OpenTSDB datasource (CVE-2020-13430)\n\n - npm-serialize-javascript: allows remote attackers to inject arbitrary code via the function\n deleteFunctions within index.js (CVE-2020-7660)\n\n - npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11253\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12245\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13430\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1757701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1843640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1844228\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1845982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1848089\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1848108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1848643\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected servicemesh-grafana and / or servicemesh-grafana-prometheus packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7660\");\n 
script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-13379\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 79, 284, 400, 476, 502, 918);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:servicemesh-grafana\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:servicemesh-grafana-prometheus\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/x86_64/ossm/1.0/debug',\n 'content/dist/layered/rhel8/x86_64/ossm/1.0/os',\n 'content/dist/layered/rhel8/x86_64/ossm/1.0/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'servicemesh-grafana-6.2.2-38.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'servicemesh'},\n {'reference':'servicemesh-grafana-prometheus-6.2.2-38.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'servicemesh'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if 
(!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'servicemesh-grafana / servicemesh-grafana-prometheus');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:51", "description": "The remote Redhat 
Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2796 advisory.\n\n - kubernetes: YAML parsing vulnerable to Billion Laughs attack, allowing for remote denial of service (CVE-2019-11253)\n\n - npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769)\n\n - grafana: XSS annotation popup vulnerability (CVE-2020-12052)\n\n - grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)\n\n - grafana: SSRF incorrect access control vulnerability allows unauthenticated users to make grafana send HTTP requests to any URL (CVE-2020-13379)\n\n - grafana: XSS via the OpenTSDB datasource (CVE-2020-13430)\n\n - npm-serialize-javascript: allows remote attackers to inject arbitrary code via the function deleteFunctions within index.js (CVE-2020-7660)\n\n - npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-07-01T00:00:00", "type": "nessus", "title": "RHEL 8 : Red Hat OpenShift Service Mesh servicemesh-grafana (RHSA-2020:2796)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11253", "CVE-2019-16769", "CVE-2020-12052", "CVE-2020-12245", "CVE-2020-13379", "CVE-2020-13430", "CVE-2020-7660", "CVE-2020-7662"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:servicemesh-grafana", "p-cpe:/a:redhat:enterprise_linux:servicemesh-grafana-prometheus"], "id": "REDHAT-RHSA-2020-2796.NASL", "href": "https://www.tenable.com/plugins/nessus/138031", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2796. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138031);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2019-11253\",\n \"CVE-2019-16769\",\n \"CVE-2020-7660\",\n \"CVE-2020-7662\",\n \"CVE-2020-12052\",\n \"CVE-2020-12245\",\n \"CVE-2020-13379\",\n \"CVE-2020-13430\"\n );\n script_xref(name:\"RHSA\", value:\"2020:2796\");\n\n script_name(english:\"RHEL 8 : Red Hat OpenShift Service Mesh servicemesh-grafana (RHSA-2020:2796)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2796 advisory.\n\n - kubernetes: YAML parsing vulnerable to Billion Laughs attack, allowing for remote denial of service\n (CVE-2019-11253)\n\n - npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769)\n\n - grafana: XSS annotation popup vulnerability (CVE-2020-12052)\n\n - grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)\n\n - grafana: SSRF incorrect access control vulnerability allows unauthenticated users to make grafana send\n HTTP requests to any URL (CVE-2020-13379)\n\n - grafana: XSS via the OpenTSDB datasource (CVE-2020-13430)\n\n - npm-serialize-javascript: allows remote attackers to inject arbitrary code via the function\n deleteFunctions within index.js (CVE-2020-7660)\n\n - npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2019-11253\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12245\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13430\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1757701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1843640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1844228\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1845982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1848089\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1848092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1848108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1848643\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected servicemesh-grafana and / or servicemesh-grafana-prometheus packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7660\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-13379\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 79, 284, 400, 476, 502, 918);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:servicemesh-grafana\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:servicemesh-grafana-prometheus\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/x86_64/ossm/1.1/debug',\n 'content/dist/layered/rhel8/x86_64/ossm/1.1/os',\n 'content/dist/layered/rhel8/x86_64/ossm/1.1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'servicemesh-grafana-6.4.3-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'servicemesh'},\n {'reference':'servicemesh-grafana-prometheus-6.4.3-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'servicemesh'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if 
(!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'servicemesh-grafana / servicemesh-grafana-prometheus');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-10T18:03:59", "description": "The remote Oracle 
Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4816 advisory.\n\n - In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation. (CVE-2019-11244)\n\n - Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.\n (CVE-2019-9512)\n\n - The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user's machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user's machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.12.9, versions prior to 1.13.6, versions prior to 1.14.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11. (CVE-2019-11246)\n\n - The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. 
This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree. (CVE-2019-11251)\n\n - The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12. (CVE-2019-11247)\n\n - The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user's machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user's machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.\n (CVE-2019-11249)\n\n - Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. 
(CVE-2019-16276)\n\n - Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable.\n Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility. (CVE-2019-11253)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-07T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kubernetes (ELSA-2019-4816)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11244", "CVE-2019-11246", "CVE-2019-11247", "CVE-2019-11249", "CVE-2019-11251", "CVE-2019-11253", "CVE-2019-16276", "CVE-2019-9512"], "modified": "2023-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kubeadm", "p-cpe:/a:oracle:linux:kubeadm-ha-setup", "p-cpe:/a:oracle:linux:kubectl", "p-cpe:/a:oracle:linux:kubelet", "p-cpe:/a:oracle:linux:kubeadm-upgrade"], "id": "ORACLELINUX_ELSA-2019-4816.NASL", "href": "https://www.tenable.com/plugins/nessus/180704", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4816.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(180704);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/08\");\n\n script_cve_id(\n \"CVE-2019-9512\",\n \"CVE-2019-11244\",\n \"CVE-2019-11246\",\n \"CVE-2019-11247\",\n \"CVE-2019-11249\",\n \"CVE-2019-11251\",\n \"CVE-2019-11253\",\n \"CVE-2019-16276\"\n );\n 
script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Oracle Linux 7 : kubernetes (ELSA-2019-4816)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2019-4816 advisory.\n\n - In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir\n (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-\n dir is specified and pointed at a different location accessible to other users/groups, the written files\n may be modified by other users/groups and disrupt the kubectl invocation. (CVE-2019-11244)\n\n - Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The\n attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of\n responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.\n (CVE-2019-9512)\n\n - The kubectl cp command allows copying files between containers and the user machine. To copy files from a\n container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network,\n and kubectl unpacks it on the user's machine. If the tar binary in the container is malicious, it could\n run any code and output unexpected, malicious results. An attacker could use this to write files to any\n path on the user's machine when kubectl cp is called, limited only by the system permissions of the local\n user. Kubernetes affected versions include versions prior to 1.12.9, versions prior to 1.13.6, versions\n prior to 1.14.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11. 
(CVE-2019-11246)\n\n - The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4\n allows a combination of two symlinks provided by tar output of a malicious container to place a file\n outside of the destination directory specified in the kubectl cp invocation. This could be used to allow\n an attacker to place a nefarious file using a symlink, outside of the destination tree. (CVE-2019-11251)\n\n - The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request\n is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are\n enforced using roles and role bindings within the namespace, meaning that a user with access only to a\n resource in one namespace could create, view update or delete the cluster-scoped resource (according to\n their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions\n prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12. (CVE-2019-11247)\n\n - The kubectl cp command allows copying files between containers and the user machine. To copy files from a\n container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network,\n and kubectl unpacks it on the user's machine. If the tar binary in the container is malicious, it could\n run any code and output unexpected, malicious results. An attacker could use this to write files to any\n path on the user's machine when kubectl cp is called, limited only by the system permissions of the local\n user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions\n prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.\n (CVE-2019-11249)\n\n - Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. 
(CVE-2019-16276)\n\n - Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to\n v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads,\n causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable.\n Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger\n this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by\n default for backwards compatibility. (CVE-2019-11253)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4816.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11247\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kubeadm\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kubeadm-ha-setup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kubeadm-upgrade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kubectl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kubelet\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar pkgs = [\n {'reference':'kubeadm-1.12.10-1.0.10.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kubeadm-ha-setup-0.0.2-1.0.68.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kubeadm-upgrade-0.0.1-1.0.27.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kubectl-1.12.10-1.0.10.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kubelet-1.12.10-1.0.10.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if 
(!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kubeadm / kubeadm-ha-setup / kubeadm-upgrade / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2023-08-04T12:28:05", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the openshift RPM package for Red Hat\nOpenShift Container Platform 4.1.20.\n\nSecurity Fix(es):\n\n* kubernetes: YAML parsing vulnerable to \"Billion Laughs\" attack, allowing for remote denial of service (CVE-2019-11253)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, 
"impactScore": 3.6}, "published": "2019-10-16T15:24:10", "type": "redhat", "title": "(RHSA-2019:3132) Important: OpenShift Container Platform 4.1.20 openshift security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253"], "modified": "2019-10-16T15:33:30", "id": "RHSA-2019:3132", "href": "https://access.redhat.com/errata/RHSA-2019:3132", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-04T12:27:59", "description": "Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* kubernetes: YAML parsing vulnerable to \"Billion Laughs\" attack, allowing for remote denial of service (CVE-2019-11253)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-01T18:32:09", "type": "redhat", "title": "(RHSA-2020:2799) Important: Red 
Hat OpenShift Service Mesh servicemesh-cni security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253"], "modified": "2020-07-01T18:40:13", "id": "RHSA-2020:2799", "href": "https://access.redhat.com/errata/RHSA-2020:2799", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-04T12:27:59", "description": "Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* kubernetes: YAML parsing vulnerable to \"Billion Laughs\" attack, allowing for remote denial of service (CVE-2019-11253)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-07T21:08:32", "type": "redhat", "title": "(RHSA-2020:2870) Important: Red Hat OpenShift Service Mesh 1.0 servicemesh-cni security update", "bulletinFamily": "unix", "cvss2": {"severity": 
"MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253"], "modified": "2020-07-07T21:13:03", "id": "RHSA-2020:2870", "href": "https://access.redhat.com/errata/RHSA-2020:2870", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-04T12:27:59", "description": "Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* kubernetes: YAML parsing vulnerable to \"Billion Laughs\" attack, allowing for remote denial of service (CVE-2019-11253)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-07T19:20:43", "type": "redhat", "title": "(RHSA-2020:2863) Important: Red Hat OpenShift Service Mesh 1.0 servicemesh-prometheus security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253"], "modified": "2020-07-07T19:26:46", "id": "RHSA-2020:2863", "href": "https://access.redhat.com/errata/RHSA-2020:2863", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-04T12:27:59", "description": "Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* kubernetes: YAML parsing vulnerable to \"Billion Laughs\" attack, allowing for remote denial of service (CVE-2019-11253)\n\n* openshift-service-mesh/istio-rhel8-operator: control plane can deploy gateway image to any namespace (CVE-2020-14306)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-01T18:27:53", "type": "redhat", "title": "(RHSA-2020:2795) Important: Red Hat OpenShift Service Mesh 1.1 servicemesh-operator security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253", "CVE-2020-14306"], "modified": "2020-07-01T18:32:08", "id": "RHSA-2020:2795", "href": "https://access.redhat.com/errata/RHSA-2020:2795", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-08-04T12:28:04", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the atomic-openshift RPM package for Red Hat OpenShift Container Platform 3.11.154.\n\nSecurity Fix(es):\n\n* kubernetes: YAML parsing vulnerable to \"Billion Laughs\" attack, allowing for remote denial of service (CVE-2019-11253)\n\n* kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks (CVE-2019-11251)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-11-18T16:17:10", "type": "redhat", "title": "(RHSA-2019:3905) Important: OpenShift Container Platform 3.11 atomic-openshift security update", 
"bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11251", "CVE-2019-11253"], "modified": "2019-11-18T16:17:48", "id": "RHSA-2019:3905", "href": "https://access.redhat.com/errata/RHSA-2019:3905", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-04T12:28:04", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* kubernetes: YAML parsing vulnerable to \"Billion Laughs\" attack, allowing for remote denial of service (CVE-2019-11253)\n\n* kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal (CVE-2019-11249)\n\n* kube-apiserver: DoS with crafted patch of type json-patch (CVE-2019-1002100)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-29T16:03:25", "type": "redhat", 
"title": "(RHSA-2019:3239) Important: OpenShift Container Platform 3.10 atomic-openshift security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1002100", "CVE-2019-1002101", "CVE-2019-11246", "CVE-2019-11249", "CVE-2019-11253"], "modified": "2019-10-29T16:12:57", "id": "RHSA-2019:3239", "href": "https://access.redhat.com/errata/RHSA-2019:3239", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-08-04T12:28:04", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the atomic-openshift RPM package for Red Hat OpenShift Container Platform 3.9.102.\n\nSecurity Fix(es):\n\n* kubernetes: YAML parsing vulnerable to \"Billion Laughs\" attack, allowing for remote denial of service (CVE-2019-11253)\n\n* atomic-openshift: OpenShift builds don't verify SSH Host Keys for the Git repository (CVE-2019-10150)\n\n* kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal (CVE-2019-11249)\n\n* kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks (CVE-2019-11251)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", 
"confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-11-07T16:39:10", "type": "redhat", "title": "(RHSA-2019:3811) Important: OpenShift Container Platform 3.9 atomic-openshift security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1002101", "CVE-2019-10150", "CVE-2019-11246", "CVE-2019-11249", "CVE-2019-11251", "CVE-2019-11253"], "modified": "2019-11-07T16:48:48", "id": "RHSA-2019:3811", "href": "https://access.redhat.com/errata/RHSA-2019:3811", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-08-04T12:27:59", "description": "Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* kubernetes: YAML parsing vulnerable to \"Billion Laughs\" attack, allowing for remote denial of service (CVE-2019-11253)\n\n* grafana: SSRF incorrect access control vulnerability allows unauthenticated users to make grafana send HTTP requests to any URL (CVE-2020-13379)\n\n* npm-serialize-javascript: allows remote attackers to inject arbitrary code via the function deleteFunctions within index.js 
(CVE-2020-7660)\n\n* npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)\n\n* grafana: XSS annotation popup vulnerability (CVE-2020-12052)\n\n* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)\n\n* grafana: XSS via the OpenTSDB datasource (CVE-2020-13430)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2020-07-07T19:20:27", "type": "redhat", "title": "(RHSA-2020:2861) Important: Red Hat OpenShift Service Mesh 1.0 servicemesh-grafana security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253", "CVE-2020-12052", "CVE-2020-12245", "CVE-2020-13379", "CVE-2020-13430", "CVE-2020-7660", "CVE-2020-7662"], "modified": "2020-07-07T19:23:57", "id": "RHSA-2020:2861", "href": "https://access.redhat.com/errata/RHSA-2020:2861", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": 
"Release osp-director-operator images\n\nSecurity Fix(es):\n\n* golang: kubernetes: YAML parsing vulnerable to \"Billion Laughs\" attack, allowing for remote (CVE-2019-11253)\n* golang: golang-github-miekg-dns: predictable TXID can lead to response forgeries (CVE-2019-19794)\n* golang: containerd: unrestricted access to abstract Unix domain socket can lead to privileges (CVE-2020-15257)\n* golang: ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)\n* golang: containerd: pulling and extracting crafted container image may result in Unix file permission changes (CVE-2021-32760)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-11T11:27:13", "type": "redhat", "title": "(RHSA-2022:2183) Moderate: Release of containers for OSP 16.2.z director operator tech preview", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25032", "CVE-2019-11253", "CVE-2019-19794", 
"CVE-2020-15257", "CVE-2021-29482", "CVE-2021-32760", "CVE-2022-1154", "CVE-2022-1271"], "modified": "2022-05-11T11:28:20", "id": "RHSA-2022:2183", "href": "https://access.redhat.com/errata/RHSA-2022:2183", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-04T12:27:59", "description": "Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* kubernetes: YAML parsing vulnerable to \"Billion Laughs\" attack, allowing for remote denial of service (CVE-2019-11253)\n\n* grafana: SSRF incorrect access control vulnerability allows unauthenticated users to make grafana send HTTP requests to any URL (CVE-2020-13379)\n\n* npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769)\n\n* npm-serialize-javascript: allows remote attackers to inject arbitrary code via the function deleteFunctions within index.js (CVE-2020-7660)\n\n* npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)\n\n* grafana: XSS annotation popup vulnerability (CVE-2020-12052)\n\n* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)\n\n* grafana: XSS via the OpenTSDB datasource (CVE-2020-13430)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": 
"2020-07-01T18:27:56", "type": "redhat", "title": "(RHSA-2020:2796) Important: Red Hat OpenShift Service Mesh servicemesh-grafana security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253", "CVE-2019-16769", "CVE-2020-12052", "CVE-2020-12245", "CVE-2020-13379", "CVE-2020-13430", "CVE-2020-7660", "CVE-2020-7662"], "modified": "2020-07-01T18:34:40", "id": "RHSA-2020:2796", "href": "https://access.redhat.com/errata/RHSA-2020:2796", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2023-02-24T01:38:56", "description": "## Summary\n\nIBM API Connect has addressed the following vulnerability.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>) \n**DESCRIPTION: **Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nAPI Connect | IBM API Connect V2018.4.1.0-2018.4.1.8 \n \n## Remediation/Fixes\n\nAffected releases | Fixed in VRMF | APAR | Remediation / First Fix \n---|---|---|--- \nIBM API Connect V2018.4.1.0-2018.4.1.8 | \n\nv2018.4.1.9\n\n| \n\nLI81179\n\n| \n\nAddressed in IBM API Connect v2018.4.1.9.\n\nAll components deployed on Kubernetes are impacted.\n\n \nFollow this link and find the package appropriate for your installation.\n\n[http://www.ibm.com/support/fixcentral/swg/quickorder?](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=2018.4.1.8&platform=All&function=all&source=fc> \"http://www.ibm.com/support/fixcentral/swg/quickorder?\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-02T17:44:12", "type": "ibm", "title": "Security Bulletin: IBM API Connect is impacted by a vulnerability in Kubernetes(CVE-2019-11253)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", 
"integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253"], "modified": "2020-01-02T17:44:12", "id": "AD9DBBB5067A53C70E85A28D69FCA6EEF4F2E2085D86265C9CAAB047AC79BE98", "href": "https://www.ibm.com/support/pages/node/1167142", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T01:40:30", "description": "## Summary\n\nIBM Cloud Kubernetes Service is affected by a security vulnerability in the Kubernetes API server that exposes it to a denial of service attack via malicious YAML or JSON payloads (CVE-2019-11253)\n\n## Vulnerability Details\n\nCVE-ID: [CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>)\n\nDescription: The Kubernetes API server is vulnerable to a denial of service, caused by a billion laughs attack, caused by an error when parsing YAML manifests. A remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/168618> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM Cloud Kubernetes Service 1.15.0-1.15.4 \n\nIBM Cloud Kubernetes Service 1.14.0-1.14.7 \nIBM Cloud Kubernetes Service 1.13.0-1.13.11 \nIBM Cloud Kubernetes Service 1.5-1.12\n\n## Remediation/Fixes\n\nUpdates for IBM Cloud Kubernetes Service clusters at versions 1.13 and later are available that fix this vulnerability. IBM Cloud Kubernetes Service will attempt to automatically apply the fix to your cluster master. 
There is no need to update cluster worker nodes for this vulnerability.\n\nTo verify your clusters are no longer exposed to this vulnerability, use the following IBM Cloud CLI command to confirm your cluster master versions:\n\n`ibmcloud ks clusters`\n\nIf your cluster masters are at one of the following versions or later, they are no longer exposed to this vulnerability:\n\n[1.13.12](<https://cloud.ibm.com/docs/containers?topic=containers-changelog#11312_1539>) \n[1.14.8](<https://cloud.ibm.com/docs/containers?topic=containers-changelog#1148_1536>) \n[1.15.5](<https://cloud.ibm.com/docs/containers?topic=containers-changelog#1155_1520>)\n\nIf one or more of your clusters has not had its master automatically updated then use the following IBM Cloud CLI command to complete the cluster master update, replacing \"1.##\" with the target version.\n\n`ibmcloud ks cluster-update --cluster <cluster name or ID> --kube-version 1.##`\n\nCustomers running IBM Cloud Kubernetes Service clusters at versions 1.11 or 1.12 must [upgrade](<https://cloud.ibm.com/docs/containers?topic=containers-update#update>) their affected clusters to version 1.13. Customers running IBM Cloud Kubernetes Service clusters at version 1.10 must upgrade first to version 1.12 and then to version 1.13. Please review the [documentation](<https://cloud.ibm.com/docs/containers?topic=containers-update#update>) before starting an upgrade since additional actions may be required.\n\nCustomers running IBM Cloud Kubernetes Service clusters at version 1.5, 1.7, 1.8 or 1.9 must [create a new cluster](<https://cloud.ibm.com/docs/containers?topic=containers-clusters#clusters>) and [deploy their apps](<https://cloud.ibm.com/docs/containers?topic=containers-app#app>) to the new cluster.\n\nNote: IBM Cloud Kubernetes Service versions 1.5, 1.7, 1.8, 1.9, 1.10 and 1.11 are no longer supported, and version 1.12 is deprecated. 
See the IBM Cloud Kubernetes Service [Version information and update actions documentation](<https://cloud.ibm.com/docs/containers?topic=containers-cs_versions#cs_versions>) for more information about Kubernetes versions and version support policies.\n\n## Workarounds and Mitigations\n\nCustomers running IBM Cloud Kubernetes Service clusters at versions 1.14 and later that have been _upgraded from version 1.13 or earlier_, are encouraged to follow the [Kubernetes default RBAC policies for unauthenticated users](<https://cloud.ibm.com/docs/containers?topic=containers-cs_versions#114_after>) post-upgrade migration action. Doing so helps mitigate which users are able to exploit a vulnerability like this. Clusters created at versions 1.14 or later already have these more secure defaults.\n\n## Monitor IBM Cloud Status for Future Security Bulletins\n\nMonitor the [security notifications](<https://cloud.ibm.com/status?selected=security>) on the IBM Cloud Status page to be advised of future security bulletins.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\nDD MMM 2019: Original version published \n\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSJTBP\",\"label\":\"IBM Cloud Kubernetes Service\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB21\",\"label\":\"Public Cloud Platform\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-25T16:46:16", "type": "ibm", "title": "Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2019-11253)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253"], "modified": "2019-10-25T16:46:16", "id": 
"19D52A8FF35F7ED39A8E12A67475724D85072FACAB5E51B0C6DA31F67A07D139", "href": "https://www.ibm.com/support/pages/node/1098759", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:48:19", "description": "## Summary\n\nFixed OSS issue for listed CVE\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>) \n** DESCRIPTION: **The Kubernetes API server is vulnerable to a denial of service, caused by a billion laughs attack, caused by an error when parsing YAML manifests. A remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Netezza for Cloud Pak for Data| All \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| Remediation/First Fix \n---|---|--- \nIBM Netezza for Cloud Pak for Data | 11.1.1.0 | [Link to Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=11.1.1.0-IM-INZCPD-fp200831&product=ibm%2FInformation%20Management%2FIBM%20Netezza%20for%20Cloud%20Pak%20for%20Data&source=dbluesearch&mhsrc=ibmsearch_s&mhq=IBM%20Netezza%20for%20Cloud%20Pak%20for%20Data%2011.1.1.0&function=fixId&parent=ibm/Information%20Management> \"Link to Fix Central\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, 
"impactScore": 3.6}, "published": "2020-12-11T07:12:00", "type": "ibm", "title": "Security Bulletin: Open Source Security issues for NPS service provider", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253"], "modified": "2020-12-11T07:12:00", "id": "D123779355BC4ABF556BE1CB1C0AC3B3376DE0C5AEACD6468D7153F832BCE791", "href": "https://www.ibm.com/support/pages/node/6381248", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T01:40:03", "description": "## Summary\n\nRed Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that exposes it to a denial of service attack via malicious YAML or JSON payloads (CVE-2019-11253).\n\n## Vulnerability Details\n\nCVE-ID: [CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>) \nDescription: The Kubernetes API server is vulnerable to a denial of service, caused by a billion laughs attack, caused by an error when parsing YAML manifests. A remote attacker could exploit this vulnerability to cause a denial of service condition. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/168618> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nRed Hat OpenShift on IBM Cloud 3.11.0-3.11.153\n\n## Remediation/Fixes\n\nUpdates for Red Hat OpenShift on IBM Cloud clusters at version 3.11 are available that fix this vulnerability. Red Hat OpenShift on IBM Cloud will attempt to automatically apply the fix to your cluster master. There is no need to update cluster worker nodes for this vulnerability.\n\nTo verify your Red Hat OpenShift on IBM Cloud clusters are no longer exposed to this vulnerability, use the following IBM Cloud CLI command to confirm your cluster master version:\n\n`ibmcloud ks clusters`\n\nIf your cluster masters are at the following version or later, they are no longer exposed to this vulnerability:\n\n[3.11.154](<https://cloud.ibm.com/docs/openshift?topic=openshift-openshift_changelog#version-3-11-changelog>)\n\nIf one or more of your clusters has not had its master automatically updated then use the following IBM Cloud CLI command to complete the cluster master update.\n\n`ibmcloud ks cluster-update --cluster <cluster name or ID> --kube-version 3.11_openshift`\n\n## Monitor IBM Cloud Status for Future Security Bulletins\n\nMonitor the [security notifications](<https://cloud.ibm.com/status?selected=security>) on the IBM Cloud Status page to be advised of future security bulletins.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response 
Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSJTBP\",\"label\":\"IBM Cloud Kubernetes Service\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB21\",\"label\":\"Public Cloud Platform\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-06T17:49:00", "type": "ibm", "title": "Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by Kubernetes API server security vulnerability (CVE-2019-11253)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253"], "modified": "2019-12-06T17:49:00", "id": "763791E38337C34F22A68908FC979AE5D45166BCB47EFE4337C2CCC15D583CC6", "href": "https://www.ibm.com/support/pages/node/1126071", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:48:24", "description": "## Summary\n\nFixed OSS issue for listed CVEs. AWS storage layer in NPS.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-7919](<https://vulners.com/cve/CVE-2020-7919>) \n** DESCRIPTION: **Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>) \n** DESCRIPTION: **The Kubernetes API server is vulnerable to a denial of service, caused by a billion laughs attack, caused by an error when parsing YAML manifests. A remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168618>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Netezza for Cloud Pak for Data| All \n \n## Remediation/Fixes\n\nProduct| VRMF| Remediation/First Fix \n---|---|--- \nIBM Netezza for Cloud Pak for Data | 11.1.1.0 | [Link to Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=11.1.1.0-IM-INZCPD-fp200831&product=ibm%2FInformation%20Management%2FIBM%20Netezza%20for%20Cloud%20Pak%20for%20Data&source=dbluesearch&mhsrc=ibmsearch_s&mhq=IBM%20Netezza%20for%20Cloud%20Pak%20for%20Data%2011.1.1.0&function=fixId&parent=ibm/Information%20Management> \"Link to Fix Central\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-10T11:16:05", "type": "ibm", "title": "Security Bulletin: Open Source Security issues for AWS storage layer in NPS.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253", "CVE-2020-7919"], "modified": "2020-12-10T11:16:05", "id": "2E0D3D0CF86F6C48B680F76C93BAE1886AC182B679AAB019C0AA49D79D2D84BA", "href": 
"https://www.ibm.com/support/pages/node/6380682", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T01:38:55", "description": "## Summary\n\nMultiple vulnerabilities (CVE-2019-11251, CVE-2019-11253) in Kubernetes package.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-11251](<https://vulners.com/cve/CVE-2019-11251>) \n**DESCRIPTION: **Kubernetes could allow a remote attacker to gain unauthorized access to the system, caused by an error in `kubectl cp` that allows a combination of two symlinks to copy a file outside of its destination directory. An attacker could exploit this vulnerability to write arbitrary files outside of the destination tree. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168617](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168617>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n \n**CVEID: **[CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>) \n**DESCRIPTION: **Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default, for backwards compatibility. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168618>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM PowerAI Vision | 1.1.3 \nIBM PowerAI Vision | 1.1.4 \n \n## Remediation/Fixes\n\nKubernetes has been upgraded in PowerAI Vision 1.1.5 to a level that addresses this vulnerability.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-08T16:47:26", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in Kubernetes shipped with PowerAI Vision", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11251", "CVE-2019-11253"], "modified": "2020-01-08T16:47:26", "id": "5ADDCDCCBCAA61DA8CF5B02CB5B449E5A5F2BFFE2D509DF07ECBF25E4F3493E4", "href": "https://www.ibm.com/support/pages/node/1168570", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T05:44:53", "description": "## Summary\n\nSecurity Vulnerabilities affect IBM Cloud Private - Kubernetes \n\n## Vulnerability Details\n\n** CVEID: 
**[CVE-2019-17110](<https://vulners.com/cve/CVE-2019-17110>) \n** DESCRIPTION: **A security issue was discovered in kube-state-metrics 1.7.x before 1.7.2. An experimental feature was added to v1.7.0 and v1.7.1 that enabled annotations to be exposed as metrics. By default, kube-state-metrics metrics only expose metadata about Secrets. However, a combination of the default kubectl behavior and this new feature can cause the entire secret content to end up in metric labels, thus inadvertently exposing the secret content in metrics. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168365](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168365>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n \n** CVEID: **[CVE-2019-10223](<https://vulners.com/cve/CVE-2019-10223>) \n** DESCRIPTION: **A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of the default `kubectl` behavior and this new feature can cause the entire secret content to end up in metric labels thus inadvertently exposing the secret content in metrics. This feature has been reverted and released as the v1.7.2 release. If you are running the v1.7.0 or v1.7.1 release, please upgrade to the v1.7.2 release as soon as possible. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165077](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165077>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n \n** CVEID: **[CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>) \n** DESCRIPTION: **Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Private| 3.2.0 CD \nIBM Cloud Private| 3.2.1 CD \n \n\n\n## Remediation/Fixes\n\nProduct defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages \n\n * IBM Cloud Private 3.2.0\n * IBM Cloud Private 3.2.1\n\nFor IBM Cloud Private 3.2.0, apply January Fixpack:\n\n * [IBM Cloud Private 3.2.0.2001 fixpack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.0.2001-build539802-34753&includeSupersedes=0> \"IBM Cloud Private 3.2.0.2001 fixpack\" )\n\nFor IBM Cloud Private 3.2.1, apply January Fixpack:\n\n * [IBM Cloud Private 3.2.1.2001 fixpack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.1.2001-build539803-34755&includeSupersedes=0> \"IBM Cloud Private 
3.2.1.2001 fixpack\" )\n\nFor IBM Cloud Private 3.1.0, 3.1.1, 3.1.2: \n\n * Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud Private 3.2.1. \n * If required, individual product fixes can be made available between CD update packages for resolution of problems. Contact IBM support for assistance.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-14T23:27:05", "type": "ibm", "title": "Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Kubernetes (CVE-2019-17110, CVE-2019-10223, CVE-2019-11253)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10223", "CVE-2019-11253", "CVE-2019-17110"], "modified": "2020-02-14T23:27:05", "id": "84B1E0EF6A74AC43722051F9E05D1DEA8BA7B64FA8D3A4B3CD6DCAFB98689BD2", "href": "https://www.ibm.com/support/pages/node/2495349", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:48:19", "description": "## Summary\n\nFixed OSS issues for listed CVEs.\n\n## Vulnerability Details\n\n** CVEID: 
**[CVE-2020-7919](<https://vulners.com/cve/CVE-2020-7919>) \n** DESCRIPTION: **Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11248](<https://vulners.com/cve/CVE-2019-11248>) \n** DESCRIPTION: **Kubernetes could allow a remote attacker to obtain sensitive information, caused by the exposure of the debugging endpoint /debug/pprof by default on Kubelet healthz port. An attacker could exploit this vulnerability to obtain internal Kubelet memory addresses and configuration or cause a denial of service. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164836](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164836>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>) \n** DESCRIPTION: **The Kubernetes API server is vulnerable to a denial of service, caused by a billion laughs attack, caused by an error when parsing YAML manifests. A remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11254](<https://vulners.com/cve/CVE-2019-11254>) \n** DESCRIPTION: **Kubernetes is vulnerable to a denial of service, caused by a flaw in kube-apiserver. 
By sending a specially-crafted request using YAML payloads, a remote authenticated attacker could exploit this vulnerability to consume excessive CPU cycles. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178935](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178935>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Netezza for Cloud Pak for Data| All \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| Remediation/First Fix \n---|---|--- \nIBM Netezza for Cloud Pak for Data | 11.1.1.0 | [Link to Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=11.1.1.0-IM-INZCPD-fp200831&product=ibm%2FInformation%20Management%2FIBM%20Netezza%20for%20Cloud%20Pak%20for%20Data&source=dbluesearch&mhsrc=ibmsearch_s&mhq=IBM%20Netezza%20for%20Cloud%20Pak%20for%20Data%2011.1.1.0&function=fixId&parent=ibm/Information%20Management> \"Link to Fix Central\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2020-12-11T07:10:49", "type": "ibm", "title": "Security Bulletin: Open Source Secuity issues fixed for NPS softlayer provisioner.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 
7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11248", "CVE-2019-11253", "CVE-2019-11254", "CVE-2020-7919"], "modified": "2020-12-11T07:10:49", "id": "C2FBE434FDED9DC756BE855E33C9AD8C0A5B759539A8AEC3235DE5AFDA3E29EF", "href": "https://www.ibm.com/support/pages/node/6381242", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-24T05:46:31", "description": "## Summary\n\nIBM CICS TX Standard is vulnerable to multiple vulnerabilities in Golang Go and Kubernetes. The fix removes these vulnerabilities from IBM CICS TX Standard.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2018-17847](<https://vulners.com/cve/CVE-2018-17847>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an index out of range flaw during an html.Parse call in the html package. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8559](<https://vulners.com/cve/CVE-2020-8559>) \n** DESCRIPTION: **Kubernetes kube-apiserver could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw when multiple clusters share the same certificate authority trusted by the client. By intercepting certain requests and sending a redirect response, an attacker could exploit this vulnerability to compromise other nodes. 
\nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>) \n** DESCRIPTION: **The Kubernetes API server is vulnerable to a denial of service, caused by a billion laughs attack, caused by an error when parsing YAML manifests. A remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-33194](<https://vulners.com/cve/CVE-2021-33194>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop in golang.org/x/net/html. By sending a specially-crafted ParseFragment input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202644](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202644>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-17848](<https://vulners.com/cve/CVE-2018-17848>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an index out of range flaw during an html.Parse call in the html package. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150633](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150633>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-17846](<https://vulners.com/cve/CVE-2018-17846>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an error during an html.Parse call in the html package. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150630](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150630>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11254](<https://vulners.com/cve/CVE-2019-11254>) \n** DESCRIPTION: **Kubernetes is vulnerable to a denial of service, caused by a flaw in kube-apiserver. By sending a specially-crafted request using YAML payloads, a remote authenticated attacker could exploit this vulnerability to consume excessive CPU cycles. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178935](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178935>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44716](<https://vulners.com/cve/CVE-2021-44716>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled memory consumption in the header canonicalization cache in net/http. By sending HTTP/2 requests, a remote attacker could exploit this vulnerability to consume all available memory resources. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216553](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216553>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM CICS TX Standard| 11.1 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerabilities by downloading and applying the interim fix from the table below. \n\nProduct| Version| Defect| Remediation / First Fix \n---|---|---|--- \nIBM CICS TX Standard | 11.1 | 127799 | [Download the fix from here](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCICS+TX+Standard&fixids=ibm-cics-tx-standard-image-11.1.0.0-ifix5&source=SAR> \"Download the fix from here\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-14T21:14:53", "type": "ibm", "title": "Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Golang Go and Kubernetes.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17846", "CVE-2018-17847", "CVE-2018-17848", "CVE-2019-11253", "CVE-2019-11254", "CVE-2020-8559", "CVE-2021-33194", "CVE-2021-44716"], "modified": "2023-02-14T21:14:53", "id": "1BC083EA4858E87682C2DCC388853D4448B262347029C3CAC17ED3DD53B87E2B", "href": "https://www.ibm.com/support/pages/node/6833278", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T05:46:52", "description": "## Summary\n\nIBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go and Kubernetes. The fix removes these vulnerabilities from IBM CICS TX Advanced.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2018-17847](<https://vulners.com/cve/CVE-2018-17847>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an index out of range flaw during an html.Parse call in the html package. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8559](<https://vulners.com/cve/CVE-2020-8559>) \n** DESCRIPTION: **Kubernetes kube-apiserver could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw when multiple clusters share the same certificate authority trusted by the client. By intercepting certain requests and sending a redirect response, an attacker could exploit this vulnerability to compromise other nodes. 
\nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>) \n** DESCRIPTION: **The Kubernetes API server is vulnerable to a denial of service, caused by a billion laughs attack, caused by an error when parsing YAML manifests. A remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-33194](<https://vulners.com/cve/CVE-2021-33194>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop in golang.org/x/net/html. By sending a specially-crafted ParseFragment input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202644](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202644>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-17848](<https://vulners.com/cve/CVE-2018-17848>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an index out of range flaw during an html.Parse call in the html package. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150633](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150633>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-17846](<https://vulners.com/cve/CVE-2018-17846>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an error during an html.Parse call in the html package. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150630](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150630>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11254](<https://vulners.com/cve/CVE-2019-11254>) \n** DESCRIPTION: **Kubernetes is vulnerable to a denial of service, caused by a flaw in kube-apiserver. By sending a specially-crafted request using YAML payloads, a remote authenticated attacker could exploit this vulnerability to consume excessive CPU cycles. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178935](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178935>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44716](<https://vulners.com/cve/CVE-2021-44716>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled memory consumption in the header canonicalization cache in net/http. By sending HTTP/2 requests, a remote attacker could exploit this vulnerability to consume all available memory resources. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216553](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216553>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM CICS TX Advanced| 11.1 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerabilities by downloading and applying the interim fix from the table below. \n\nProduct| Version| Defect| Remediation / First Fix \n---|---|---|--- \nIBM CICS TX Advanced | 11.1 | 127799 | [Download the fix from here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FCICS+TX+on+Cloud&fixids=ibm-cics-tx-advanced-image-11.1.0.0-ifix5&source=SAR&function=fixId&parent=ibm/Other%20software> \"Download the fix from here\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-14T21:04:36", "type": "ibm", "title": "Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go and Kubernetes.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17846", "CVE-2018-17847", "CVE-2018-17848", "CVE-2019-11253", "CVE-2019-11254", "CVE-2020-8559", "CVE-2021-33194", "CVE-2021-44716"], "modified": "2023-02-14T21:04:36", "id": "1D122E5717E6BDDA2976836FBA5EB572CDBD9A9C5B48AF895D30982993B5723D", "href": "https://www.ibm.com/support/pages/node/6833280", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T05:43:37", "description": "## Summary\n\nSecurity Bulletin: Security Vulnerabilities affect IBM Cloud Private for Data V2.1.0 NGINX (CVE-2019-12206, CVE-2019-12207, CVE-2019-12208, CVE-2019-20372), Docker (CVE-2019-17149, CVE-2019-17150), Kubernetes (CVE-2019-11245, CVE-2019-11253, CVE-2019-10223, CVE-2019-17110)\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-12206](<https://vulners.com/cve/CVE-2019-12206>) \n**DESCRIPTION:** NGINX njs is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the nxt_utf8_encode function in nxt/nxt_utf8.c. By sending overly long data, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161279> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\n**CVEID:** [CVE-2019-12207](<https://vulners.com/cve/CVE-2019-12207>) \n**DESCRIPTION:** NGINX njs is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the nxt_utf8_encode function in nxt/nxt_utf8.c. By sending overly long data, a remote attacker could overflow a buffer and execute arbitrary code on the system. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161281> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2019-12208](<https://vulners.com/cve/CVE-2019-12208>) \n**DESCRIPTION:** NGINX njs is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the njs_function_native_call function in njs/njs_function.c. By sending overly long data, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161282> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\n**CVEID:** [CVE-2019-11245](<https://vulners.com/cve/CVE-2019-11245>) \n**DESCRIPTION:** Kubernetes kubelet could allow a local attacker to gain elevated privileges on the system, caused by an issue with running the container with root in the second run. An attacker could exploit this vulnerability to obtain root access in a container. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161858> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\n\n**CVEID:** [CVE-2019-17150](<https://vulners.com/cve/CVE-2019-17150>) \n**DESCRIPTION:** Docker could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in docker-credential-secretservice. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of the application. 
\nCVSS Base Score: 7.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/173371> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: Undefined\n\n**CVEID:** [CVE-2019-17149](<https://vulners.com/cve/CVE-2019-17149>) \n**DESCRIPTION: **Docker could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in docker-credential-helpers. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of the application. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/173370> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: Undefined\n\n**CVEID:** [CVE-2019-20372](<https://vulners.com/cve/CVE-2019-20372>) \n**DESCRIPTION:** NGINX could allow a remote attacker to obtain sensitive information, caused by a flaw in certain error_page configurations. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/174252> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n\n**CVEID:** [](<https://vulners.com/cve/CVE-2019-1543>)[CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>)[](<https://vulners.com/cve/CVE-2019-1543>) \n**DESCRIPTION:** The Kubernetes API server is vulnerable to a denial of service, caused by a billion laughs attack, caused by an error when parsing YAML manifests. A remote attacker could exploit this vulnerability to cause a denial of service condition. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/168618> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\n**CVEID:** [](<https://vulners.com/cve/CVE-2019-1543>)[CVE-2019-10223](<https://vulners.com/cve/CVE-2019-10223>)[](<https://vulners.com/cve/CVE-2019-1543>) \n**DESCRIPTION:** Kubernetes kube-state-metrics could allow a remote attacker to obtain sensitive information, caused by a flaw in the experimental feature that enabled annotations to be exposed as metrics. By sending a specially-crafted request, an attacker could exploit this vulnerability to expose the secret content in metrics. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165077> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\n\n**CVEID:** [](<https://vulners.com/cve/CVE-2019-1543>)[CVE-2019-17110](<https://vulners.com/cve/CVE-2019-17110>)[](<https://vulners.com/cve/CVE-2019-1543>) \n**DESCRIPTION:** kube-state-metrics could allow a remote attacker to obtain sensitive information, caused by a flaw in the newly added experimental feature. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain the secret content in metrics. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/168365> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: Undefined\n\n## Affected Products and Versions\n\nIBM Cloud Private for Data V2.1.0\n\n## Remediation/Fixes\n\nUsers of IBM Cloud Private for Data V2.1.0 are advised to:\n\n \nUpgrade to IBM Cloud Pak for Data V2.5.0\n\n## Monitor IBM Cloud Status for Future Security Bulletins\n\nMonitor the [security notifications](<https://cloud.ibm.com/status?selected=security>) on the IBM Cloud Status page to be advised of future security bulletins.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n<https://nvd.nist.gov/vuln/detail/CVE-2019-12206>\n\n<https://nvd.nist.gov/vuln/detail/CVE-2019-12207>\n\n<https://nvd.nist.gov/vuln/detail/CVE-2019-12208>\n\n<https://nvd.nist.gov/vuln/detail/CVE-2019-11245>\n\n<https://nvd.nist.gov/vuln/detail/CVE-2019-17150>\n\n<https://nvd.nist.gov/vuln/detail/CVE-2019-17149>\n\n<https://nvd.nist.gov/vuln/detail/CVE-2019-20372>\n\n<https://nvd.nist.gov/vuln/detail/CVE-2019-111253>\n\n<https://nvd.nist.gov/vuln/detail/CVE-2019-10223>\n\n<https://nvd.nist.gov/vuln/detail/CVE-2019-17110>\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSHGYS\",\"label\":\"IBM Cloud Pak for Data\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"V2.1.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-06T20:58:47", "type": "ibm", "title": "Security Bulletin: Security Vulnerabilities affect IBM Cloud Private for Data V2.1.0 NGINX (CVE-2019-12206, CVE-2019-12207, CVE-2019-12208, CVE-2019-20372), Docker (CVE-2019-17149, CVE-2019-17150), Kubernetes (CVE-2019-11245, CVE-2019-11253, CVE-2019-1022", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 
6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1022", "CVE-2019-10223", "CVE-2019-111253", "CVE-2019-11245", "CVE-2019-11253", "CVE-2019-12206", "CVE-2019-12207", "CVE-2019-12208", "CVE-2019-1543", "CVE-2019-17110", "CVE-2019-17149", "CVE-2019-17150", "CVE-2019-20372"], "modified": "2020-03-06T20:58:47", "id": "3A52F98FB2A9FDFA9AC5F1CB4088CEE8B6BAE80A799FC6C32019FA065A36D302", "href": "https://www.ibm.com/support/pages/node/3486477", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:44:38", "description": "## Summary\n\nMultiple vulnerabilities in Kubernetes that is used by IBM InfoSphere Information Server were addressed.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-11249](<https://vulners.com/cve/CVE-2019-11249>) \n**DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to traverse directories on the system, caused by an incomplete fix for CVE-2019-1002101 and CVE-2019-11246. By persuading a victim to use the kubectl cp command with a malicious container, an attacker could replace or create arbitrary files on a user\u2019s workstation. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164768](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164768>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2019-11247](<https://vulners.com/cve/CVE-2019-11247>) \n**DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to gain unauthorized access to the system, caused by an error in the API server. By sending a specially crafted request using the wrong scope, an attacker could exploit this vulnerability to create, view, update or delete the cluster-scoped resource. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164767](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164767>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID: **[CVE-2019-11254](<https://vulners.com/cve/CVE-2019-11254>) \n**DESCRIPTION: **Kubernetes is vulnerable to a denial of service, caused by a flaw in kube-apiserver. By sending a specially-crafted request using YAML payloads, a remote authenticated attacker could exploit this vulnerability to consume excessive CPU cycles. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178935](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178935>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>) \n**DESCRIPTION: **The Kubernetes API server is vulnerable to a denial of service, caused by a billion laughs attack, caused by an error when parsing YAML manifests. A remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9516](<https://vulners.com/cve/CVE-2019-9516>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a 0-Length Headers Leak attack. By sending a stream of headers with a 0-length header name and 0-length header value, a remote attacker could consume excessive memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165182](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165182>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. 
By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9511](<https://vulners.com/cve/CVE-2019-9511>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request by the HTTP/2 protocol stack (HTTP.sys) for an overly large amount of data from a specified resource over multiple streams, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164638](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164638>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. 
By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-11248](<https://vulners.com/cve/CVE-2019-11248>) \n**DESCRIPTION: **Kubernetes could allow a remote attacker to obtain sensitive information, caused by the exposure of the debugging endpoint /debug/pprof by default on Kubelet healthz port. An attacker could exploit this vulnerability to obtain internal Kubelet memory addresses and configuration or cause a denial of service. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164836](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164836>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n**CVEID: **[CVE-2019-11250](<https://vulners.com/cve/CVE-2019-11250>) \n**DESCRIPTION: **Kubernetes could allow a remote attacker to obtain sensitive information, caused by storing credentials in the log by the client-go library. By sending a specially-crafted command, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166710](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166710>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2019-11251](<https://vulners.com/cve/CVE-2019-11251>) \n**DESCRIPTION: **Kubernetes could allow a remote attacker to gain unauthorized access to the system, caused by an error in `kubectl cp` that allows a combination of two symlinks to copy a file outside of its destination directory. An attacker could exploit this vulnerability to write arbitrary files outside of the destination tree. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168617](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168617>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nInfoSphere Information Server with a microservices tier | 11.7 \n \n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nInfoSphere Information Server, Information Server on Cloud | 11.7 | [JR63311](<http://www.ibm.com/support/docview.wss?uid=swg1JR63311> \"JR63311\" ) | \\--Apply IBM InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/pages/node/878310>) \n\\--Apply IBM InfoSphere Information Server version [11.7.1.1](<https://www.ibm.com/support/pages/node/6209196> \"11.7.1.1\" ) \n\\--Apply IBM Information Server version [11.7.1.1 Service Pack 1](<https://www.ibm.com/support/pages/node/6438057> \"11.7.1.1 Service Pack 1\" ) \n \n \nFor Red Hat 8 installations contact IBM Customer support \n \n \n \n**Contact Technical Support:**\n\nIn the United States and Canada dial **1-800-IBM-SERV** \nView the support [contacts for other countries](<http://www.ibm.com/planetwide/> \"contacts for other countries\" ) outside of the United States. 
\nElectronically [open a Service Request](<http://www.ibm.com/software/support/probsub.html> \"open a Service Request\" ) with Information Server Technical Support.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2021-04-01T21:05:42", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Kubernetes affect IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1002101", "CVE-2019-11246", "CVE-2019-11247", "CVE-2019-11248", "CVE-2019-11249", "CVE-2019-11250", "CVE-2019-11251", "CVE-2019-11253", "CVE-2019-11254", "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2021-04-01T21:05:42", "id": "7A8DF41BD76EC438451409A025AAD65BC78A02087B1DD7CD7F2F435E28BE86C0", "href": "https://www.ibm.com/support/pages/node/6436613", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T05:47:29", "description": "## Summary\n\nMultiple Vulnerabilities in Kubernetes affects IBM Watson Studio 
Local\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-5736](<https://vulners.com/cve/CVE-2019-5736>) \n** DESCRIPTION: **runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/156819](<https://exchange.xforce.ibmcloud.com/vulnerabilities/156819>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n \n** CVEID: **[CVE-2018-1002105](<https://vulners.com/cve/CVE-2018-1002105>) \n** DESCRIPTION: **In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/153638](<https://exchange.xforce.ibmcloud.com/vulnerabilities/153638>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n \n** CVEID: **[CVE-2019-9946](<https://vulners.com/cve/CVE-2019-9946>) \n** DESCRIPTION: **Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. 
The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE-SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158803](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158803>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n \n** CVEID: **[CVE-2019-11250](<https://vulners.com/cve/CVE-2019-11250>) \n** DESCRIPTION: **The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166710](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166710>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n \n** CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9511](<https://vulners.com/cve/CVE-2019-9511>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164638](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164638>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9516](<https://vulners.com/cve/CVE-2019-9516>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. 
Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165182](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165182>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-11251](<https://vulners.com/cve/CVE-2019-11251>) \n** DESCRIPTION: **Kubernetes could allow a remote attacker to gain unauthorized access to the system, caused by an error in `kubectl cp` that allows a combination of two symlinks to copy a file outside of its destination directory. An attacker could exploit this vulnerability to write arbitrary files outside of the destination tree. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168617](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168617>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n \n** CVEID: **[CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>) \n** DESCRIPTION: **Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-10223](<https://vulners.com/cve/CVE-2019-10223>) \n** DESCRIPTION: **A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. 
By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of the default `kubectl` behavior and this new feature can cause the entire secret content to end up in metric labels thus inadvertently exposing the secret content in metrics. This feature has been reverted and released as the v1.7.2 release. If you are running the v1.7.0 or v1.7.1 release, please upgrade to the v1.7.2 release as soon as possible. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165077](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165077>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n \n** CVEID: **[CVE-2019-17110](<https://vulners.com/cve/CVE-2019-17110>) \n** DESCRIPTION: **** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-10223. Reason: This candidate is a duplicate of CVE-2019-10223. Notes: All CVE users should reference CVE-2019-10223 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168365](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168365>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n \n** CVEID: **[CVE-2019-11248](<https://vulners.com/cve/CVE-2019-11248>) \n** DESCRIPTION: **The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration. 
\nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164836](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164836>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)\n\n \n** CVEID: **[CVE-2019-11246](<https://vulners.com/cve/CVE-2019-11246>) \n** DESCRIPTION: **The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user's machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user's machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.12.9, versions prior to 1.13.6, versions prior to 1.14.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162892](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162892>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N) \n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Studio - Local| 1.2.3 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| Remediation/First Fix \n---|---|--- \nIBM Watson Studio Local| 2.1| <https://www.ibm.com/software/passportadvantage/pao_customer.html> \nIBM Cloud Pak for Data| 2.5| <https://www.ibm.com/software/passportadvantage/pao_customer.html> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-20T13:53:35", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Kubernetes affects IBM Watson Studio Local", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1002105", "CVE-2019-10223", "CVE-2019-11246", "CVE-2019-11248", "CVE-2019-11250", "CVE-2019-11251", "CVE-2019-11253", "CVE-2019-17110", "CVE-2019-5736", "CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518", "CVE-2019-9946"], "modified": "2019-12-20T13:53:35", "id": 
"731A6DDD5325438B0FCA3D1B2CA7C8881C1A425221911E3EF5FB3283E134B7EA", "href": "https://www.ibm.com/support/pages/node/1143454", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-18T21:56:22", "description": "## Summary\n\nIBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security (CP4S).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-28154](<https://vulners.com/cve/CVE-2023-28154>) \n** DESCRIPTION: **Webpack could allow a remote attacker to bypass security restrictions, caused by the mishandling of the magic comment feature by the ImportParserPlugin.js. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain access to the real global object. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/249874](<https://exchange.xforce.ibmcloud.com/vulnerabilities/249874>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2021-25741](<https://vulners.com/cve/CVE-2021-25741>) \n** DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to bypass security restrictions, caused by a symlink exchange flaw in kubelet. By sending a specially-crafted request, an attacker could exploit this vulnerability to create a container with subpath volume mounts to access files and directories outside of the volume. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209533](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209533>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-25735](<https://vulners.com/cve/CVE-2021-25735>) \n** DESCRIPTION: **Kubernetes kube-apiserver could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when performing node updates. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass a Validating Admission Webhook. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199931](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199931>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H) \n \n** CVEID: **[CVE-2021-25737](<https://vulners.com/cve/CVE-2021-25737>) \n** DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to obtain sensitive information, caused by a host network hijacking flaw due to holes in EndpointSlice validation. By redirecting pod traffic to private networks on a Node, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202128](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202128>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-8562](<https://vulners.com/cve/CVE-2020-8562>) \n** DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to obtain sensitive information, caused by a time-of-check time-of-use (TOCTOU) race condition flaw in the API Server proxy. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain access to private networks on the Kubernetes control plane components. 
\nCVSS Base score: 2.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201273](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201273>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-43441](<https://vulners.com/cve/CVE-2022-43441>) \n** DESCRIPTION: **Ghost node-sqlite3 could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the underlying implementation of .ToString() function. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250292](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250292>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-36518](<https://vulners.com/cve/CVE-2020-36518>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By using a large depth of nested objects, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222319](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222319>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-32797](<https://vulners.com/cve/CVE-2021-32797>) \n** DESCRIPTION: **JupyterLab could allow a remote attacker to execute arbitrary code on the system, caused by the lack of sanitization of the action attribute of an HTML form. By persuading a victim to open a specially-crafted notebook, an attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207158](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207158>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2017-15708](<https://vulners.com/cve/CVE-2017-15708>) \n** DESCRIPTION: **Apache Synapse could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Apache Commons Collections. By injecting specially-crafted serialized objects, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/136262](<https://exchange.xforce.ibmcloud.com/vulnerabilities/136262>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2015-7501](<https://vulners.com/cve/CVE-2015-7501>) \n** DESCRIPTION: **Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. 
\nCVSS Base score: 9.8 \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2015-6420](<https://vulners.com/cve/CVE-2015-6420>) \n** DESCRIPTION: **Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. \nCVSS Base score: 9.8 \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2015-4852](<https://vulners.com/cve/CVE-2015-4852>) \n** DESCRIPTION: **The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product. \nCVSS Base score: 9.8 \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-13116](<https://vulners.com/cve/CVE-2019-13116>) \n** DESCRIPTION: **MuleSoft Mule runtime could allow a remote attacker to execute arbitrary code on the system, caused by Java deserialization, related to Apache Commons Collections. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169704](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169704>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-34305](<https://vulners.com/cve/CVE-2022-34305>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability using the Form authentication example in the examples web application to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229596](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229596>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-3121](<https://vulners.com/cve/CVE-2021-3121>) \n** DESCRIPTION: **An unspecified error with the lack of certain index validation, aka the skippy peanut butter issue in GoGo Protobuf has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194539](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194539>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-4264](<https://vulners.com/cve/CVE-2021-4264>) \n** DESCRIPTION: **LinkedIn Dust.js could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. 
By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242937](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242937>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-0413](<https://vulners.com/cve/CVE-2022-0413>) \n** DESCRIPTION: **Vim could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free in the skipwhite function. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218421](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218421>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-0361](<https://vulners.com/cve/CVE-2022-0361>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By submitting a specially-crafted input, a local attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218216](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218216>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3872](<https://vulners.com/cve/CVE-2021-3872>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By sending a specially-crafted input using Clang 12 + ASan, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system. 
\nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211573](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211573>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3796](<https://vulners.com/cve/CVE-2021-3796>) \n** DESCRIPTION: **Vim is vulnerable to a denial of service, caused by a use-after-free in nv_replace. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L) \n \n** CVEID: **[CVE-2022-1154](<https://vulners.com/cve/CVE-2022-1154>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by a use-after-free in mbyte.c in utf_ptr2char. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223115](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223115>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-4019](<https://vulners.com/cve/CVE-2021-4019>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214374](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214374>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3984](<https://vulners.com/cve/CVE-2021-3984>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214373](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214373>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3778](<https://vulners.com/cve/CVE-2021-3778>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By sending a specially-crafted input, a local attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209481](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209481>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-1621](<https://vulners.com/cve/CVE-2022-1621>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by vim_strncpy find_word. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226099](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226099>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H) \n \n** CVEID: **[CVE-2022-1629](<https://vulners.com/cve/CVE-2022-1629>) \n** DESCRIPTION: **Vim is vulnerable to a buffer overflow, caused by buffer over-read in find_next_quote. By opening a specially-crafted file, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226323](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226323>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H) \n \n** CVEID: **[CVE-2022-0392](<https://vulners.com/cve/CVE-2022-0392>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system, modify memory, or cause a denial of service. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218430](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218430>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-0359](<https://vulners.com/cve/CVE-2022-0359>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially-crafted session file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218214](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218214>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-0318](<https://vulners.com/cve/CVE-2022-0318>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217941](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217941>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H) \n \n** CVEID: **[CVE-2021-4193](<https://vulners.com/cve/CVE-2021-4193>) \n** DESCRIPTION: **Vim could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216465](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216465>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-4192](<https://vulners.com/cve/CVE-2021-4192>) \n** DESCRIPTION: **Vim could allow a remote attacker to obtain sensitive information, caused by a use-after-free flaw. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216466](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216466>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-0261](<https://vulners.com/cve/CVE-2022-0261>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217526](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217526>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-16777](<https://vulners.com/cve/CVE-2019-16777>) \n** DESCRIPTION: **npm CLI could allow a local attacker to bypass security restrictions, caused by the failure to prevent existing globally-installed binaries to be overwritten by other package installations. An attacker could exploit this vulnerability to bypass filesystem access restrictions to overwrite an existing binary with a globally-installed package. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173159](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173159>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-16775](<https://vulners.com/cve/CVE-2019-16775>) \n** DESCRIPTION: **npm CLI could allow a local attacker to bypass security restrictions, caused by an arbitrary file overwrite vulnerability. An attacker could exploit this vulnerability to bypass filesystem access restrictions to create symlinks to files outside of the node_modules folder through the bin field upon installation. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173163](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173163>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-15095](<https://vulners.com/cve/CVE-2020-15095>) \n** DESCRIPTION: **Node.js npm CLI module could allow a local attacker to obtain sensitive information, caused by the storing of user credentials in the log file. By persuading a victim to open a log file, an attacker could exploit this vulnerability to obtain user credentials. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184666](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184666>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2023-22467](<https://vulners.com/cve/CVE-2023-22467>) \n** DESCRIPTION: **Moment.js Luxon is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw due to the use of quadratic (N^2) complexity in the DateTime.fromRFC2822() function. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a slowdown in data process, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/243783](<https://exchange.xforce.ibmcloud.com/vulnerabilities/243783>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-23346](<https://vulners.com/cve/CVE-2021-23346>) \n** DESCRIPTION: **Node.js html-parse-stringify and html-parse-stringify2 modules are vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS). By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause the process to freeze, and results in a denial of service condition. 
\nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197736](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197736>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8559](<https://vulners.com/cve/CVE-2020-8559>) \n** DESCRIPTION: **Kubernetes kube-apiserver could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw when multiple clusters share the same certificate authority trusted by the client. By intercepting certain requests and sending a redirect response, an attacker could exploit this vulnerability to compromise other nodes. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-3172](<https://vulners.com/cve/CVE-2022-3172>) \n** DESCRIPTION: **Kubernetes kube-apiserver is vulnerable to server-side request forgery, caused by a flaw with allowing an aggregated API server to redirect client traffic to any URL. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to unexpected actions and the client's API server credentials to third parties. \nCVSS Base score: 5.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236344](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236344>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>) \n** DESCRIPTION: **The Kubernetes API server is vulnerable to a denial of service, caused by a billion laughs attack, caused by an error when parsing YAML manifests. 
A remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8565](<https://vulners.com/cve/CVE-2020-8565>) \n** DESCRIPTION: **Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when kube-apiserver is using logLevel >= 9. By gaining access to the log files, an attacker could exploit this vulnerability to obtain the Kubernetes authorization tokens information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189925](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189925>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-41190](<https://vulners.com/cve/CVE-2021-41190>) \n** DESCRIPTION: **Open Container Initiative Distribution Specification could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when a Content-Type header changed between two pulls of the same digest. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause a client to interpret the resulting content differently. \nCVSS Base score: 3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213802](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213802>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-14040](<https://vulners.com/cve/CVE-2020-14040>) \n** DESCRIPTION: **Go Language x/text package is vulnerable to a denial of service, caused by a vulnerability in encoding/unicode in the UTF-16 decoder. By sending a single byte to a UTF16 decoder, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184313](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184313>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11254](<https://vulners.com/cve/CVE-2019-11254>) \n** DESCRIPTION: **Kubernetes is vulnerable to a denial of service, caused by a flaw in kube-apiserver. By sending a specially-crafted request using YAML payloads, a remote authenticated attacker could exploit this vulnerability to consume excessive CPU cycles. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178935](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178935>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-31525](<https://vulners.com/cve/CVE-2021-31525>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or ReadResponse. Server, Transport, and Client, a remote attacker could exploit this vulnerability to cause a (panic) denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202709](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202709>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-9283](<https://vulners.com/cve/CVE-2020-9283>) \n** DESCRIPTION: **Golang golang.org/x/crypto is vulnerable to a denial of service, caused by an error during signature verification in the golang.org/x/crypto/ssh package. By persuading a victim to run a specially crafted file, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176688](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176688>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-32760](<https://vulners.com/cve/CVE-2021-32760>) \n** DESCRIPTION: **Containerd could allow a remote attacker to gain elevated privileges on the system, caused by improper file permissions. By pulling and extracting a specially-crafted container image, an attacker could exploit this vulnerability to perform Unix file permission changes for existing files in the host's filesystem. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205942](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205942>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-11250](<https://vulners.com/cve/CVE-2019-11250>) \n** DESCRIPTION: **Kubernetes could allow a remote attacker to obtain sensitive information, caused by storing credentials in the log by the client-go library. By sending a specially-crafted command, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166710](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166710>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-41092](<https://vulners.com/cve/CVE-2021-41092>) \n** DESCRIPTION: **Docker CLI could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when running \"docker login my-private-registry.example.com\" command with a misconfigured configuration file. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to obtain credentials information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/210712](<https://exchange.xforce.ibmcloud.com/vulnerabilities/210712>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-29652](<https://vulners.com/cve/CVE-2020-29652>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a NULL pointer dereference in the golang.org/x/crypto/ssh component. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193622](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193622>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** IBM X-Force ID: **221455 \n** DESCRIPTION: **Node.js bunyan module could allow a remote attacker to execute arbitrary code on the system, caused by improper validation of user-supplied input. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/221455 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/221455>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCloud Pak for Security (CP4S)| 1.10.0.0 - 1.10.10.0 \n \n \n\n\n## Remediation/Fixes\n\nIBM encourages customers to update their systems promptly. \n\nPlease upgrade to at least CP4S 1.10.11.0 following these instructions: <https://www.ibm.com/docs/en/cloud-paks/cp-security/1.10?topic=installing-upgrading-cloud-pak-security>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-06-08T21:56:13", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4852", "CVE-2015-6420", "CVE-2015-7501", "CVE-2017-15708", "CVE-2019-11250", "CVE-2019-11253", "CVE-2019-11254", "CVE-2019-13116", 
"CVE-2019-16775", "CVE-2019-16777", "CVE-2020-14040", "CVE-2020-15095", "CVE-2020-29652", "CVE-2020-36518", "CVE-2020-8559", "CVE-2020-8562", "CVE-2020-8565", "CVE-2020-9283", "CVE-2021-23346", "CVE-2021-25735", "CVE-2021-25737", "CVE-2021-25741", "CVE-2021-3121", "CVE-2021-31525", "CVE-2021-32760", "CVE-2021-32797", "CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3872", "CVE-2021-3984", "CVE-2021-4019", "CVE-2021-41092", "CVE-2021-41190", "CVE-2021-4192", "CVE-2021-4193", "CVE-2021-4264", "CVE-2022-0261", "CVE-2022-0318", "CVE-2022-0359", "CVE-2022-0361", "CVE-2022-0392", "CVE-2022-0413", "CVE-2022-1154", "CVE-2022-1621", "CVE-2022-1629", "CVE-2022-3172", "CVE-2022-34305", "CVE-2022-43441", "CVE-2023-22467", "CVE-2023-28154"], "modified": "2023-06-08T21:56:13", "id": "24B1AE073C3E8B032429754E1E35B7D96539587DDA275F7A13183F44D07B88D2", "href": "https://www.ibm.com/support/pages/node/7002503", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T06:03:00", "description": "## Summary\n\nIBM has released the following fix for IBM\u00ae Db2\u00ae On Openshift and IBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-11251](<https://vulners.com/cve/CVE-2019-11251>) \n** DESCRIPTION: **Kubernetes could allow a remote attacker to gain unauthorized access to the system, caused by an error in `kubectl cp` that allows a combination of two symlinks to copy a file outside of its destination directory. An attacker could exploit this vulnerability to write arbitrary files outside of the destination tree. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168617](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168617>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-11252](<https://vulners.com/cve/CVE-2019-11252>) \n** DESCRIPTION: **Kubernetes kube-controller-manager could allow a remote authenticated attacker to obtain sensitive information, caused by the leaking of user credentials in error messages in the mount failure logs and events for AzureFile and CephFS volumes. By gaining access to the log files, an attacker could exploit this vulnerability to obtain user credentials. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185780](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185780>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-25735](<https://vulners.com/cve/CVE-2021-25735>) \n** DESCRIPTION: **Kubernetes kube-apiserver could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when performing node updates. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass a Validating Admission Webhook. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199931](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199931>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H) \n \n** CVEID: **[CVE-2020-15112](<https://vulners.com/cve/CVE-2020-15112>) \n** DESCRIPTION: **etcd is vulnerable to a denial of service, caused by a flaw in the ReadAll method in wal/wal.go. By sending specially crafted data, a remote authenticated attacker could exploit this vulnerability to cause a runtime panic. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186328](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186328>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-20699](<https://vulners.com/cve/CVE-2018-20699>) \n** DESCRIPTION: **Docker Engine is vulnerable to a denial of service, caused by a dockerd memory consumption issue. By using a large integer in a --cpuset-mems or --cpuset-cpus value, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155499](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155499>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-8555](<https://vulners.com/cve/CVE-2020-8555>) \n** DESCRIPTION: **Kubernetes is vulnerable to server-side request forgery, caused by a flaw in the kube-controller-manager. By using a specially-crafted argument, a remote authenticated attacker could exploit this vulnerability to conduct an SSRF attack to leak up to 500 bytes of arbitrary information from unprotected endpoints. \nCVSS Base score: 3.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182744>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-15106](<https://vulners.com/cve/CVE-2020-15106>) \n** DESCRIPTION: **etcd is vulnerable to a denial of service, caused by improper data validation in the decodeRecord method. By sending specially crafted data, a remote authenticated attacker could exploit this vulnerability to cause a panic in the decodeRecord method. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186329](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186329>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8552](<https://vulners.com/cve/CVE-2020-8552>) \n** DESCRIPTION: **Kubernetes kube-apiserver is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted resource request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178254>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-1099](<https://vulners.com/cve/CVE-2018-1099>) \n** DESCRIPTION: **etcd could allow a remote attacker to gain access to the DNS records, caused by a DNS rebinding. An attacker could exploit this vulnerability to rebind DNS records. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141541](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141541>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-11250](<https://vulners.com/cve/CVE-2019-11250>) \n** DESCRIPTION: **Kubernetes could allow a remote attacker to obtain sensitive information, caused by storing credentials in the log by the client-go library. By sending a specially-crafted command, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166710](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166710>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-8565](<https://vulners.com/cve/CVE-2020-8565>) \n** DESCRIPTION: **Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when kube-apiserver is using logLevel >= 9. By gaining access to the log files, an attacker could exploit this vulnerability to obtain the Kubernetes authorization tokens information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189925](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189925>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-11254](<https://vulners.com/cve/CVE-2019-11254>) \n** DESCRIPTION: **Kubernetes is vulnerable to a denial of service, caused by a flaw in kube-apiserver. By sending a specially-crafted request using YAML payloads, a remote authenticated attacker could exploit this vulnerability to consume excessive CPU cycles. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178935](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178935>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8564](<https://vulners.com/cve/CVE-2020-8564>) \n** DESCRIPTION: **Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when pull secrets are stored in a Docker config file and loglevel >= 4. By gaining access to the configuration files, an attacker could exploit this vulnerability to obtain full secrets or other credentials in docker, and use this information to launch further attacks against the affected system. 
\nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189924](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189924>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-8551](<https://vulners.com/cve/CVE-2020-8551>) \n** DESCRIPTION: **Kubernetes kubelet API is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178253](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178253>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41190](<https://vulners.com/cve/CVE-2021-41190>) \n** DESCRIPTION: **Open Container Initiative Distribution Specification could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when a Content-Type header changed between two pulls of the same digest. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause a client to interpret the resulting content differently. \nCVSS Base score: 3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213802](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213802>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-11840](<https://vulners.com/cve/CVE-2019-11840>) \n** DESCRIPTION: **Golang golang-googlecode-go-crypto could allow a remote attacker to obtain sensitive information, caused by a flaw in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. 
By generating a specially-crafted keystream, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160943](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160943>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-43784](<https://vulners.com/cve/CVE-2021-43784>) \n** DESCRIPTION: **Open Container Initiative runc could allow a remote authenticated attacker to bypass security restrictions, caused by an integer overflow in netlink bytemsg length field. By sending a specially-crafted request, an attacker could exploit this vulnerability to override netlink-based container configuration to disable namespace protections entirely. \nCVSS Base score: 6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214558](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214558>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-8557](<https://vulners.com/cve/CVE-2020-8557>) \n** DESCRIPTION: **Kubernetes kubelet is vulnerable to a denial of service, caused by an issue with not including the /etc/hosts file by the kubelet eviction manager when calculating ephemeral storage usage. By writing a large amount of data to the /etc/hosts file, a local authenticated attacker could exploit this vulnerability to fill the storage space of the node and cause the node to fail. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185301](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185301>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-25737](<https://vulners.com/cve/CVE-2021-25737>) \n** DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to obtain sensitive information, caused by a host network hijacking flaw due to holes in EndpointSlice validation. By redirecting pod traffic to private networks on a Node, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202128](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202128>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-8559](<https://vulners.com/cve/CVE-2020-8559>) \n** DESCRIPTION: **Kubernetes kube-apiserver could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw when multiple clusters share the same certificate authority trusted by the client. By intercepting certain requests and sending a redirect response, an attacker could exploit this vulnerability to compromise other nodes. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-31525](<https://vulners.com/cve/CVE-2021-31525>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or ReadResponse. Server, Transport, and Client, a remote attacker could exploit this vulnerability to cause a (panic) denial of service condition. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202709](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202709>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11249](<https://vulners.com/cve/CVE-2019-11249>) \n** DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to traverse directories on the system, caused by an incomplete fix for CVE-2019-1002101 and CVE-2019-11246. By persuading a victim to use the kubectl cp command with a malicious container, an attacker could replace or create arbitrary files on a user\u2019s workstation. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164768](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164768>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-8554](<https://vulners.com/cve/CVE-2020-8554>) \n** DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when using LoadBalancer or ExternalIPs. By using man-in-the-middle attack techniques, an attacker could exploit this vulnerability to patch the status of a LoadBalancer service. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192721](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192721>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-25736](<https://vulners.com/cve/CVE-2021-25736>) \n** DESCRIPTION: **Kubernetes kube-proxy for Windows could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the LoadBalancer controller does not set the \"status.loadBalancer.ingress[].ip\" field. 
An attacker could exploit this vulnerability to obtain traffic information forwarded to the local processes listening on the same port (\"spec.ports[*].port\") as a LoadBalancer Service, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201652](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201652>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-3121](<https://vulners.com/cve/CVE-2021-3121>) \n** DESCRIPTION: **An unspecified error with the lack of certain index validation, aka the skippy peanut butter issue in GoGo Protobuf has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194539](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194539>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-42248](<https://vulners.com/cve/CVE-2021-42248>) \n** DESCRIPTION: **GJSON is vulnerable to a denial of service, caused by a flaw in the gjson.Get function. By sending a specially-crafted JSON input, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/227236](<https://exchange.xforce.ibmcloud.com/vulnerabilities/227236>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-27918](<https://vulners.com/cve/CVE-2021-27918>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop flaw when using xml.NewTokenDecoder with a custom TokenReader. 
By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198075](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198075>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-7919](<https://vulners.com/cve/CVE-2020-7919>) \n** DESCRIPTION: **Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-17848](<https://vulners.com/cve/CVE-2018-17848>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an index out of range flaw during an html.Parse call in the html package. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150633](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150633>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-9283](<https://vulners.com/cve/CVE-2020-9283>) \n** DESCRIPTION: **Golang golang.org/x/crypto is vulnerable to a denial of service, caused by an error during signature verification in the golang.org/x/crypto/ssh package. By persuading a victim to run a specially crafted file, a remote attacker could exploit this vulnerability to cause a panic. 
\nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176688](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176688>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-14040](<https://vulners.com/cve/CVE-2020-14040>) \n** DESCRIPTION: **Go Language x/text package is vulnerable to a denial of service, caused by a vulnerability in encoding/unicode in the UTF-16 decoder. By sending a single byte to a UTF16 decoder, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184313](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184313>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-17846](<https://vulners.com/cve/CVE-2018-17846>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an error during an html.Parse call in the html package. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150630](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150630>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-1002105](<https://vulners.com/cve/CVE-2018-1002105>) \n** DESCRIPTION: **Kubernetes could allow a remote attacker to gain elevated privileges on the system, caused by the improper handling of requests in the API server. 
By sending a specially crafted proxy request directly to the backend, a remote attacker could exploit this vulnerability to establish a connection to create brokered services and deploy malicious code with elevated privileges. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/153638](<https://exchange.xforce.ibmcloud.com/vulnerabilities/153638>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-17142](<https://vulners.com/cve/CVE-2018-17142>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by invalid memory address in html package (aka x/net/html). By using a specially-crafted value, a local attacker could exploit this vulnerability to cause a runtime error. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/149973](<https://exchange.xforce.ibmcloud.com/vulnerabilities/149973>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>) \n** DESCRIPTION: **The Kubernetes API server is vulnerable to a denial of service, caused by a billion laughs attack, caused by an error when parsing YAML manifests. A remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-17143](<https://vulners.com/cve/CVE-2018-17143>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by invalid memory address in html package (aka x/net/html). By using a specially-crafted value, a local attacker could exploit this vulnerability to cause a runtime error. 
\nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/149972](<https://exchange.xforce.ibmcloud.com/vulnerabilities/149972>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-29652](<https://vulners.com/cve/CVE-2020-29652>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a NULL pointer dereference in the golang.org/x/crypto/ssh component. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193622](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193622>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-33194](<https://vulners.com/cve/CVE-2021-33194>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop in golang.org/x/net/html. By sending a specially-crafted ParseFragment input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202644](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202644>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-17847](<https://vulners.com/cve/CVE-2018-17847>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an index out of range flaw during an html.Parse call in the html package. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36067](<https://vulners.com/cve/CVE-2020-36067>) \n** DESCRIPTION: **GJSON is vulnerable to a denial of service, caused by slice bounds out of range. By using a specially-crafted GET call, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194240](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194240>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-42836](<https://vulners.com/cve/CVE-2021-42836>) \n** DESCRIPTION: **GJSON is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted JSON, a remote attacker could exploit this vulnerability to cause a regular expression denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211919](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211919>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11841](<https://vulners.com/cve/CVE-2019-11841>) \n** DESCRIPTION: **Golang could allow a remote attacker to conduct spoofing attacks, caused by a flaw in the clearsign package of supplementary Go cryptography libraries. An attacker could exploit this vulnerability to spoof the messages. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160985](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160985>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-43565](<https://vulners.com/cve/CVE-2021-43565>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an input validation flaw in golang.org/x/crypto's readCipherPacket() function. By sending an empty plaintext packet to a program linked with golang.org/x/crypto/ssh, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219761](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219761>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-27191](<https://vulners.com/cve/CVE-2022-27191>) \n** DESCRIPTION: **Go ssh package is vulnerable to a denial of service, caused by an unspecified flaw in certain circumstances involving AddHostKey. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222162](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222162>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44907](<https://vulners.com/cve/CVE-2021-44907>) \n** DESCRIPTION: **Qs is vulnerable to a denial of service, caused by insufficient sanitization of property in the gs.parse function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222194](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222194>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2017-1002101](<https://vulners.com/cve/CVE-2017-1002101>) \n** DESCRIPTION: **Kubernetes could allow a remote attacker to obtain sensitive information, caused by using subpath volume mounts with any volume type. A remote authenticated attacker could exploit this vulnerability to access files/directories outside of the volume, including the host's filesystem. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/140496](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140496>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2018-1098](<https://vulners.com/cve/CVE-2018-1098>) \n** DESCRIPTION: **etcd is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141542](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141542>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-28852](<https://vulners.com/cve/CVE-2020-28852>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validation while processing a BCP 47 tag in language.ParseAcceptLanguage. By sending a specially-crafted HTTP Accept-Language header, a remote attacker could exploit this vulnerability to cause a slice bounds out of range panic. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194163](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194163>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-20206](<https://vulners.com/cve/CVE-2021-20206>) \n** DESCRIPTION: **containernetworking cni could allow a remote authenticated attacker to traverse directories on the system. An attacker could load a specially-crafted network configuration containing \"dot dot\" sequences (/../) in the 'type' field to execute arbitrary files on the system. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198968](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198968>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-25741](<https://vulners.com/cve/CVE-2021-25741>) \n** DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to bypass security restrictions, caused by a symlink exchange flaw in kubelet. By sending a specially-crafted request, an attacker could exploit this vulnerability to create a container with subpath volume mounts to access files and directories outside of the volume. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209533](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209533>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-18367](<https://vulners.com/cve/CVE-2017-18367>) \n** DESCRIPTION: **libseccomp-golang could allow a remote attacker to bypass security restrictions, caused by improper handling of multiple syscall arguments. By specifying a single matching argument, an attacker could exploit this vulnerability to bypass access restrictions. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160136](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160136>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-27813](<https://vulners.com/cve/CVE-2020-27813>) \n** DESCRIPTION: **Gorilla WebSocket is vulnerable to a denial of service, caused by an integer overflow with the length of websocket frames received. By sending a specially-crafted websocket connection request, a remote attacker could exploit this vulnerability to cause a denial of service condition on the HTTP Server. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-16886](<https://vulners.com/cve/CVE-2018-16886>) \n** DESCRIPTION: **etcd could allow a remote attacker to bypass security restrictions, caused by improper authentication in auth/store.go:AuthInfoFromTLS() when role-based access control (RBAC) is used and client-cert-auth is enabled. By sending a specially crafted REST API request to the gRPC-gateway, an attacker could exploit this vulnerability to bypass authentication. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155498](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155498>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-3538](<https://vulners.com/cve/CVE-2021-3538>) \n** DESCRIPTION: **go.uuid could allow a remote attacker to obtain sensitive information, caused by the use of insecure randomness in the g.rand.Read function. 
By utilizing cryptographic attack techniques, an attacker could exploit this vulnerability to obtain UUID information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202922](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202922>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-11247](<https://vulners.com/cve/CVE-2019-11247>) \n** DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to gain unauthorized access to the system, caused by an error in the API server. By sending a specially crafted request using the wrong scope, an attacker could exploit this vulnerability to create, view, update or delete the cluster-scoped resource. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164767](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164767>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2019-16884](<https://vulners.com/cve/CVE-2019-16884>) \n** DESCRIPTION: **runc could allow a local attacker to bypass security restrictions, caused by a flaw in the libcontainer/rootfs_linux.go. By using a malicious volume, an attacker could exploit this vulnerability to bypass AppArmor restriction. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167792](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167792>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-26160](<https://vulners.com/cve/CVE-2020-26160>) \n** DESCRIPTION: **jwt-go could allow a remote attacker to bypass security restrictions, caused by a type assertion failure when m[\"aud\"] happens to be []string{}. 
By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189408](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189408>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-15113](<https://vulners.com/cve/CVE-2020-15113>) \n** DESCRIPTION: **etcd could allow a remote attacker to bypass security restrictions, caused by the lack of permission checks in the os.MkdirAll function when a given directory path exists already. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186327](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186327>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-10752](<https://vulners.com/cve/CVE-2020-10752>) \n** DESCRIPTION: **OpenShift API Server could allow a remote attacker to obtain sensitive information, caused by the leaking of OAuthTokens to log files when API Server panic occurred. By gaining access to the log files, an attacker could exploit this vulnerability to obtain OAuthTokens information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184792](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184792>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N) \n \n** CVEID: **[CVE-2021-30465](<https://vulners.com/cve/CVE-2021-30465>) \n** DESCRIPTION: **Open Container Initiative runc could allow a remote authenticated attacker to bypass security restrictions, caused by a symlink exchange attack. 
By sending a specially-crafted request, an attacker could exploit this vulnerability to allow host filesystem being bind-mounted into the container. \nCVSS Base score: 7.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202132](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202132>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N) \n \n** CVEID: **[CVE-2020-28851](<https://vulners.com/cve/CVE-2020-28851>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validation while parsing the -u- extension in language.ParseAcceptLanguage. By sending a specially-crafted HTTP Accept-Language header, a remote attacker could exploit this vulnerability to cause an index out of range panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194162](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194162>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44716](<https://vulners.com/cve/CVE-2021-44716>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled memory consumption in the header canonicalization cache in net/http. By sending HTTP/2 requests, a remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216553](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216553>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAll platforms of the following IBM\u00ae Db2\u00ae On Openshift fix pack releases and IBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data refresh levels are affected:\n\nRelease| Version \n---|--- \nIBM\u00ae Db2\u00ae On Openshift| \n\nv11.5.5.0 - v11.5.5.0-cn4 \nv11.5.5.1 - v11.5.5.1-cn3 \nv11.5.6.0 - v11.5.6.0-cn5 \nv11.5.7.0 - v11.5.7.0-cn4 \n \nIBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data| \n\nv3.5 through refresh 10 \nv4.0 through refresh 9 \n \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading to the latest IBM Db2 On Openshift or the IBM Db2 and Db2 Warehouse on Cloud Pak for Data release containing the fix for these issues. These builds are available based on the most recent fixpack level of the V11.5.7 release and the Cloud Pak for Data v4.0 refresh 9 release. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability. 
Please note: If the affected release is any refresh level of Cloud Pak for Data 3.5, it is strongly recommended to upgrade to Cloud Pak for Data 4.5.0 \nProduct| Fixed in Fix Pack| Instructions \n---|---|--- \nIBM\u00ae Db2\u00ae On Openshift| \n\nv11.5.7.0-cn5\n\n| \n\n<https://www.ibm.com/docs/en/db2/11.5?topic=1157-upgrading-updating> \n \nIBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data| \n\nv4.5.0\n\n| \n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=upgrading> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-29T17:05:30", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities affect IBM\u00ae Db2\u00ae On Openshift and IBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1002101", "CVE-2017-18367", "CVE-2018-1002105", "CVE-2018-1098", "CVE-2018-1099", "CVE-2018-16886", "CVE-2018-17142", "CVE-2018-17143", "CVE-2018-17846", "CVE-2018-17847", "CVE-2018-17848", "CVE-2018-20699", "CVE-2019-1002101", "CVE-2019-11246", 
"CVE-2019-11247", "CVE-2019-11249", "CVE-2019-11250", "CVE-2019-11251", "CVE-2019-11252", "CVE-2019-11253", "CVE-2019-11254", "CVE-2019-11840", "CVE-2019-11841", "CVE-2019-16884", "CVE-2020-10752", "CVE-2020-14040", "CVE-2020-15106", "CVE-2020-15112", "CVE-2020-15113", "CVE-2020-26160", "CVE-2020-27813", "CVE-2020-28851", "CVE-2020-28852", "CVE-2020-29652", "CVE-2020-36067", "CVE-2020-7919", "CVE-2020-8551", "CVE-2020-8552", "CVE-2020-8554", "CVE-2020-8555", "CVE-2020-8557", "CVE-2020-8559", "CVE-2020-8564", "CVE-2020-8565", "CVE-2020-9283", "CVE-2021-20206", "CVE-2021-25735", "CVE-2021-25736", "CVE-2021-25737", "CVE-2021-25741", "CVE-2021-27918", "CVE-2021-30465", "CVE-2021-3121", "CVE-2021-31525", "CVE-2021-33194", "CVE-2021-3538", "CVE-2021-41190", "CVE-2021-42248", "CVE-2021-42836", "CVE-2021-43565", "CVE-2021-43784", "CVE-2021-44716", "CVE-2021-44907", "CVE-2022-27191"], "modified": "2022-06-29T17:05:30", "id": "9AE75CB1A1D3DD100D9064B9CD05456A761753026F2FA396034E23E18AE154DF", "href": "https://www.ibm.com/support/pages/node/6599703", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "attackerkb": [{"lastseen": "2021-07-20T20:19:26", "description": "Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.\n\n \n**Recent assessments:** \n \n**busterb** at October 10, 2019 7:24pm UTC reported:\n\nAs I understand it, most kubernetes clusters will require auth or a foothold to reach in the first place. Why would you bother with a DoS attack at that point? 
Much more attacker value to be had in exploiting the cluster in ways that don\u2019t bring it down.\n\nCompare authenticated: \n<https://www.shodan.io/search?query=kubernetes+401>\n\nAnd unauthenticated searches: \n<https://www.shodan.io/search?query=kubernetes+%21401>\n\nAssessed Attacker Value: 1\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-10-17T00:00:00", "type": "attackerkb", "title": "Kubectl/API Server YAML parsing vulnerable to \"Billion Laughs\" Attack", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253"], "modified": "2020-07-24T00:00:00", "id": "AKB:3C42D63D-858B-4BE3-8C0E-3423577B453B", "href": "https://attackerkb.com/topics/fJf0WoJeyw/kubectl-api-server-yaml-parsing-vulnerable-to-billion-laughs-attack", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "symantec": [{"lastseen": "2021-06-08T19:01:35", "description": "### Description\n\nKubernetes API Server is prone to a denial-of-service vulnerability. 
Successful exploitation of the issue will cause excessive CPU resource consumption, resulting in a denial-of-service condition. The following products are affected: Kubernetes 1.0.0 through 1.12.x Kubernetes 1.13.0 through 1.13.11 Kubernetes 1.14.0 through 1.14.7 Kubernetes 1.15.0 through 1.15.4 Kubernetes 1.16.0 through 1.16.1\n\n### Technologies Affected\n\n * Cisco Container Platform \n * Kubernetes Kubernetes 1.0.0 \n * Kubernetes Kubernetes 1.10.0 \n * Kubernetes Kubernetes 1.10.1 \n * Kubernetes Kubernetes 1.10.10 \n * Kubernetes Kubernetes 1.10.11 \n * Kubernetes Kubernetes 1.10.12 \n * Kubernetes Kubernetes 1.10.2 \n * Kubernetes Kubernetes 1.10.3 \n * Kubernetes Kubernetes 1.10.4 \n * Kubernetes Kubernetes 1.10.5 \n * Kubernetes Kubernetes 1.10.6 \n * Kubernetes Kubernetes 1.10.7 \n * Kubernetes Kubernetes 1.10.8 \n * Kubernetes Kubernetes 1.10.9 \n * Kubernetes Kubernetes 1.11.0 \n * Kubernetes Kubernetes 1.11.1 \n * Kubernetes Kubernetes 1.11.2 \n * Kubernetes Kubernetes 1.11.3 \n * Kubernetes Kubernetes 1.11.4 \n * Kubernetes Kubernetes 1.11.5 \n * Kubernetes Kubernetes 1.11.6 \n * Kubernetes Kubernetes 1.11.7 \n * Kubernetes Kubernetes 1.11.8 \n * Kubernetes Kubernetes 1.11.9 \n * Kubernetes Kubernetes 1.12.0 \n * Kubernetes Kubernetes 1.12.1 \n * Kubernetes Kubernetes 1.12.10 \n * Kubernetes Kubernetes 1.12.2 \n * Kubernetes Kubernetes 1.12.3 \n * Kubernetes Kubernetes 1.12.4 \n * Kubernetes Kubernetes 1.12.5 \n * Kubernetes Kubernetes 1.12.6 \n * Kubernetes Kubernetes 1.12.7 \n * Kubernetes Kubernetes 1.12.9 \n * Kubernetes Kubernetes 1.13.0 \n * Kubernetes Kubernetes 1.13.11 \n * Kubernetes Kubernetes 1.13.3 \n * Kubernetes Kubernetes 1.13.4 \n * Kubernetes Kubernetes 1.13.5 \n * Kubernetes Kubernetes 1.13.6 \n * Kubernetes Kubernetes 1.13.8 \n * Kubernetes Kubernetes 1.13.9 \n * Kubernetes Kubernetes 1.14.0 \n * Kubernetes Kubernetes 1.14.2 \n * Kubernetes Kubernetes 1.14.3 \n * Kubernetes Kubernetes 1.14.4 \n * Kubernetes Kubernetes 1.14.5 \n * 
Kubernetes Kubernetes 1.14.7 \n * Kubernetes Kubernetes 1.15.0 \n * Kubernetes Kubernetes 1.15.1 \n * Kubernetes Kubernetes 1.15.2 \n * Kubernetes Kubernetes 1.15.4 \n * Kubernetes Kubernetes 1.16.0 \n * Kubernetes Kubernetes 1.16.1 \n * Redhat OpenShift Container Platform 3.10 \n * Redhat OpenShift Container Platform 3.11 \n * Redhat OpenShift Container Platform 3.9 \n * Redhat OpenShift Container Platform 4.1 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nIf global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2019-09-27T00:00:00", "type": "symantec", "title": "Kubernetes API Server CVE-2019-11253 Denial of Service Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-11253"], "modified": "2019-09-27T00:00:00", "id": "SMNTC-111263", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/111263", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-06-29T14:24:37", "description": "Improper input validation in the Kubernetes API server in versions\nv1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2\nallows authorized users to send malicious YAML or JSON payloads, causing\nthe API server to consume excessive CPU or memory, potentially crashing and\nbecoming unavailable. 
Prior to v1.14.0, default RBAC policy authorized\nanonymous users to submit requests that could trigger this vulnerability.\nClusters upgraded from a version prior to v1.14.0 keep the more permissive\npolicy by default for backwards compatibility.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[leosilva](<https://launchpad.net/~leosilva>) | kubernetes is in fact a kubernetes installer that calls snap, not the package itself.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-17T00:00:00", "type": "ubuntucve", "title": "CVE-2019-11253", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253"], "modified": "2019-10-17T00:00:00", "id": "UB:CVE-2019-11253", "href": "https://ubuntu.com/security/CVE-2019-11253", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "alpinelinux": [{"lastseen": "2023-06-23T11:05:33", "description": "Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, 
potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-17T16:15:00", "type": "alpinelinux", "title": "CVE-2019-11253", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253"], "modified": "2020-10-02T17:11:00", "id": "ALPINE:CVE-2019-11253", "href": "https://security.alpinelinux.org/vuln/CVE-2019-11253", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gitlab": [{"lastseen": "2022-06-09T23:18:10", "description": "Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. 
Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-18T00:00:00", "type": "gitlab", "title": "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253"], "modified": "2021-05-18T00:00:00", "id": "GITLAB-810ADA37F486B156C48C2FACE0963EC3", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/go%2Fk8s.io%2Fkubernetes%2Fpkg%2Fapiserver%2FCVE-2019-11253.yml/raw", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "osv": [{"lastseen": "2023-08-30T18:58:57", "description": "CVE-2019-11253 is a denial of service vulnerability in the kube-apiserver, allowing authorized users sending malicious YAML or JSON payloads to cause kube-apiserver to consume excessive CPU or memory, potentially crashing and becoming unavailable. 
\n\nWhen creating a ConfigMap object which has recursive references contained in it, excessive CPU usage can occur. This appears to be an instance of a \"Billion Laughs\" attack which is quite well known as an XML parsing issue.\n\nApplying this manifest to a cluster causes the client to hang for some time with considerable CPU usage.\n\n```yaml\napiVersion: v1\ndata:\n a: &a [\"web\",\"web\",\"web\",\"web\",\"web\",\"web\",\"web\",\"web\",\"web\"]\n b: &b [*a,*a,*a,*a,*a,*a,*a,*a,*a]\n c: &c [*b,*b,*b,*b,*b,*b,*b,*b,*b]\n d: &d [*c,*c,*c,*c,*c,*c,*c,*c,*c]\n e: &e [*d,*d,*d,*d,*d,*d,*d,*d,*d]\n f: &f [*e,*e,*e,*e,*e,*e,*e,*e,*e]\n g: &g [*f,*f,*f,*f,*f,*f,*f,*f,*f]\n h: &h [*g,*g,*g,*g,*g,*g,*g,*g,*g]\n i: &i [*h,*h,*h,*h,*h,*h,*h,*h,*h]\nkind: ConfigMap\nmetadata:\n name: yaml-bomb\n namespace: default\n```", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-08T00:35:27", "type": "osv", "title": "Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253"], "modified": "2023-08-30T18:33:03", "id": 
"OSV:GHSA-74FP-R6JW-H4MP", "href": "https://osv.dev/vulnerability/GHSA-74fp-r6jw-h4mp", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-12T01:14:47", "description": "Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-05-18T15:38:48", "type": "osv", "title": "XML Entity Expansion and Improper Input Validation in Kubernetes API server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253"], "modified": "2021-05-17T21:06:33", "id": "OSV:GHSA-PMQP-H87C-MR78", "href": 
"https://osv.dev/vulnerability/GHSA-pmqp-h87c-mr78", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T11:21:09", "description": "A denial-of-service vulnerability exists in Kubernetes API Server. An attacker can exploit this issue by sending a maliciously crafted JSON or YAML file causing the API server to consume excessive CPU or memory. A successful attack can cause the service to crash leading to a denial of service condition.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-12-26T00:00:00", "type": "checkpoint_advisories", "title": "Kubernetes API Server Denial Of Service (CVE-2019-11253)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253"], "modified": "2019-12-26T00:00:00", "id": "CPAI-2019-1443", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-06-13T14:29:05", "description": "Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or 
JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-17T16:15:00", "type": "cve", "title": "CVE-2019-11253", "cwe": ["CWE-776"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253"], "modified": "2020-10-02T17:11:00", "cpe": ["cpe:/a:redhat:openshift_container_platform:3.11", "cpe:/a:redhat:openshift_container_platform:3.10", "cpe:/a:kubernetes:kubernetes:1.12.10", "cpe:/a:redhat:openshift_container_platform:3.9"], "id": "CVE-2019-11253", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11253", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "cpe:2.3:a:kubernetes:kubernetes:1.12.10:*:*:*:*:*:*:*", 
"cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*"]}], "redhatcve": [{"lastseen": "2023-08-09T20:34:49", "description": "A flaw was found in Kubernetes. The parsing of YAML manifests by the Kubernetes API server could lead to a denial-of-service attack leaving it vulnerable to an instance of a \"billion laughs\" attack. The highest threat from this vulnerability is to system availability.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-02T08:51:08", "type": "redhatcve", "title": "CVE-2019-11253", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253"], "modified": "2023-08-05T10:39:39", "id": "RH:CVE-2019-11253", "href": "https://access.redhat.com/security/cve/cve-2019-11253", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "veracode": [{"lastseen": "2023-04-18T13:47:58", "description": "github.com/docker/cli is vulnerable to denial of service. 
The vulnerability exists as it was possible to cause the billion laughs attack through parsing a malicious yaml file causing an application crash.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-02T02:49:42", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253"], "modified": "2022-10-04T15:00:10", "id": "VERACODE:21604", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-21604/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "github": [{"lastseen": "2023-08-30T21:45:49", "description": "CVE-2019-11253 is a denial of service vulnerability in the kube-apiserver, allowing authorized users sending malicious YAML or JSON payloads to cause kube-apiserver to consume excessive CPU or memory, potentially crashing and becoming unavailable. \n\nWhen creating a ConfigMap object which has recursive references contained in it, excessive CPU usage can occur. 
This appears to be an instance of a \"Billion Laughs\" attack which is quite well known as an XML parsing issue.\n\nApplying this manifest to a cluster causes the client to hang for some time with considerable CPU usage.\n\n```yaml\napiVersion: v1\ndata:\n a: &a [\"web\",\"web\",\"web\",\"web\",\"web\",\"web\",\"web\",\"web\",\"web\"]\n b: &b [*a,*a,*a,*a,*a,*a,*a,*a,*a]\n c: &c [*b,*b,*b,*b,*b,*b,*b,*b,*b]\n d: &d [*c,*c,*c,*c,*c,*c,*c,*c,*c]\n e: &e [*d,*d,*d,*d,*d,*d,*d,*d,*d]\n f: &f [*e,*e,*e,*e,*e,*e,*e,*e,*e]\n g: &g [*f,*f,*f,*f,*f,*f,*f,*f,*f]\n h: &h [*g,*g,*g,*g,*g,*g,*g,*g,*g]\n i: &i [*h,*h,*h,*h,*h,*h,*h,*h,*h]\nkind: ConfigMap\nmetadata:\n name: yaml-bomb\n namespace: default\n```", "cvss3": {}, "published": "2023-02-08T00:35:27", "type": "github", "title": "Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-11253"], "modified": "2023-08-30T18:33:05", "id": "GHSA-74FP-R6JW-H4MP", "href": "https://github.com/advisories/GHSA-74fp-r6jw-h4mp", "cvss": {"score": 0.0, "vector": "NONE"}}], "threatpost": [{"lastseen": "2019-11-03T07:11:39", "description": "Even as companies move to embrace cloud deployments and containers, most organizations with such deployments don\u2019t feel prepared to adequately secure cloud-native applications.\n\nAccording to StackRox\u2019 State of Container Security [report](<https://www.stackrox.com/assets/2018/11/report-the-state-of-container-security/>), which polled about 230 respondents in the U.S., more than a third of organizations worry that their security strategies don\u2019t adequately address container security. 
An additional 15 percent believe their strategies don\u2019t take seriously enough the threat to containers and, specifically, [Kubernetes deployments.](<https://threatpost.com/22k-open-vulnerable-containers-found-exposed-on-the-net/132898/>)\n\nPerhaps most concerning, more than one-third of respondents haven\u2019t started or are just creating their security strategy plans.\n\nOverall, the report paints the picture that despite rapid cloud and virtual server adoption, security is still lagging significantly.\n\nDigging into the sources of concern over container security, survey respondents focused on misconfigurations and runtime security (i.e., post-deployment) as their primary sources of concern.\n\nFifty-four percent of respondents said risks driven by misconfigurations and accidental exposures are their primary concern. The stat isn\u2019t that surprising given the rash of [high-profile cloud misconfigs](<https://threatpost.com/unprotected-server-exposes-weight-watchers-internal-it-infrastructure/132713/>) that have led to significant data exposures.\n\n\u201cHuman error has been responsible for creating the majority of security risks in every wave of infrastructure changes, and it\u2019s no different with containers and Kubernetes,\u201d Mark Bouchard, CEO of CyberEdge Group, told Threatpost. \u201cIt\u2019s crucial that the security tooling for this infrastructure automatically flags the most well-known misconfigurations across the full ecosystem.\u201d\n\nAnother 44 percent of survey respondents indicated that runtime, vs. the build and deploy phases, is what they\u2019re most concerned about from a security perspective.\n\nAs for who in the organization should take the lead running container security, DevOps and DevSecOps top the list. 
This indicates that deeper container security planning, further integration among DevOps and security teams, and the more widespread adoption of key security technologies are necessary to increase the holistic security of containers and Kubernetes deployments, according to the report.\n\n\u201cThe influence of DevOps and the fast uptake in containerization and Kubernetes have made application development more seamless, efficient and powerful than ever. Yet, our survey results show that security remains a significant challenge in enterprises\u2019 container strategies,\u201d said Kamal Shah, StackRox CEO. \u201cContainers provide a natural bridge for collaboration between DevOps and security teams but they also introduce unique risks that, if left unchecked, can create real risks for the enterprise.\u201d\n\nThe good news, however, is that teams have started working together more to address these risks.\n", "cvss3": {}, "published": "2018-11-23T13:00:48", "type": "threatpost", "title": "ThreatList: One-Third of Firms Say Their Container Security Lags", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2019-11253", "CVE-2019-16276"], "modified": "2018-11-23T13:00:48", "id": "THREATPOST:639EA1C04C8045117A5A3480A9967CB7", "href": "https://threatpost.com/threatlist-container-security-lagging/139304/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-10T12:10:17", "description": "A pair of bugs in the Kubernetes open-source cloud container software can be \u201chighly dangerous\u201d under some Kubernetes configurations, according to researchers.\n\nThe flaws, CVE-2019-16276 and CVE-2019-11253, have been patched in Kubernetes builds 1.14.8, 1.15.5 and 1.16.2.\n\nExploitation of the first issue, CVE-2019-16276, is \u201cvery 
simple,\u201d according to Ariel Zelivansky and Aviv Sasson at Palo Alto Networks \u2013 and could allow an attacker to bypass authentication controls to access a container.\n\nAccording to the [bug report](<https://github.com/golang/go/issues/34540>), the high-severity flaw is an HTTP protocol violation in the Go language\u2019s standard HTTP library, which is called net/http. The library is used for parsing HTTP requests.\n\nThis issue arises because the HTTP specification allows no whitespace between a request header\u2019s field name and the colon. The Palo Alto researchers noted [in a posting](<https://blog.paloaltonetworks.com/2019/10/cloud-kubernetes-vulnerabilities/>) on Wednesday that \u201cHTTP requests are comprised of a field-name, followed by a colon, then its value\u2026no whitespace is allowed between the header\u2019s field-name and colon\u2026.the net/http library interpreted headers with this whitespace the same as valid headers, in violation of the HTTP RFC.\u201d\n\nThe real-world effect of the bug becomes clear when you consider that the Kubernetes API server can be used for authentication and access control \u2013 as Palo Alto researchers pointed out, it can be \u201cconfigured to work with an Authenticating Proxy and identify users through request headers.\u201d\n\nThanks to the bug, the proxy could ignore invalid headers and forward them to the Go server anyway, which would interpret these headers as valid. 
So, attackers could exploit the bug to authenticate as any user by crafting an invalid header that would go through to the server.\n\nPalo Alto provided an example: \u201cAn attacker may send the following request to the proxy: \u2018X-Remote-User : admin.\u2019 If the proxy is designed to filter X-Remote-User headers but doesn\u2019t recognize the header because it\u2019s invalid and forwards it to the Kubernetes API server [anyway], the attacker would successfully pass the API request with the roles of the \u2018admin\u2019 user.\u201d\n\nThose using Kubernetes with an authenticating proxy should update to Go 1.12.10, which patches the issue, as soon as possible, as well as upgrading their Kubernetes builds, the researchers advised.\n\nThe second vulnerability, CVE-2019-11253, renders the Kubernetes API server vulnerable to a denial-of-service attack, according to the [bug report](<https://github.com/kubernetes/kubernetes/issues/83253>). The attack can be aimed at the YAML/JSON parsing function with a method called \u201cYAML/JSON bombing,\u201d according to Zelivansky and Sasson, who rank the bug as high-severity.\n\nYAML and JSON are data-serialization languages commonly used for configuration files and in applications where data is being stored or transmitted. The idea behind YAML/JSON bombing is to crash the YAML parser in the Kubernetes API server by exponentially loading it with references, which authorized users can do by sending high volumes of malicious YAML or JSON payloads.\n\n\u201cAlthough it may be brought up depending on its restart policy and restart limit, the attacker may abuse the attack and deliver it continuously,\u201d the researchers explained. 
\u201cWe recommend reviewing each role given to users, pods or anonymous users to determine if it is required, especially if it allows sending POST requests with a YAML file.\u201d\n\nZelivansky and Sasson noted that this particular bug actually resides in the YAML parser library itself, which is a third-party piece of code incorporated into Kubernetes.\n\n\u201cFortunately, [another patch](<https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5>) was written to resolve this problem at the go-yaml library level, preventing this attack in other projects that rely on its code,\u201d they noted.\n\nAffected users should upgrade to prevent attack, particularly given that cloud container technologies, which have become fixtures in much of today\u2019s cloud infrastructure, are increasingly on cybercriminals\u2019 radar. Earlier this week for instance, the \u201cGraboid\u201d worm was found [infecting more than 2,000 unsecured Docker Engine (Community Edition) hosts](<https://threatpost.com/docker-containers-graboid-crypto-worm/149235/>), looking to mine the Monero cryptocurrency.\n\nThis isn\u2019t the first flaw found in Kubernetes \u2013 last year a [critical privilege-escalation vulnerability](<https://threatpost.com/kubernetes-flaw-is-a-huge-deal-lays-open-cloud-deployments/139636/>) (CVE-2018-1002105) was uncovered that could allow an attacker unfettered, remote access for stealing data or crashing production applications.\n\nConnor Gilbert, senior product manager at StackRox, told Threatpost that the discovery of more vulnerabilities underscores the need to pay particular attention to securing this threat surface.\n\n\u201cWhen you run containers, you absolutely must secure your control plane API surface,\u201d he said. \u201cDocker, Kubernetes, and similar tools are extraordinarily powerful, so it is critical to secure their API servers. 
Recent vulnerabilities in Kubernetes highlight just how important it is to have a multi-layered security approach, including authentication, authorization, network firewalls and ongoing monitoring.\u201d\n\nIt\u2019s also wise to remember that containers make it tough for legacy security systems to peer inside to scan for malicious activity, according to James Condon, director of research at Lacework.\n\n\u201cWhen it comes to containers, traditional endpoint solutions may or may not flag malicious files and activity,\u201d he told Threatpost. \u201cThis could be due to the container\u2019s isolated file system or that the malicious files may appear clean when code functionality is split across multiple files. Therefore, it is important to scan images pre-deploy, only use images you trust, utilize a runtime solution that has proper container visibility, and implement network security monitoring.\u201d\n",
"cvss3": {}, "published": "2019-10-17T14:25:39", "type": "threatpost", "title": "Dangerous Kubernetes Bugs Allow Authentication Bypass, DoS", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2018-1002105", "CVE-2019-11253", "CVE-2019-16276"], "modified": "2019-10-17T14:25:39", "id": "THREATPOST:FC19D0DEB6098A46E54D73010204C32B", "href": "https://threatpost.com/kubernetes-bugs-authentication-bypass-dos/149265/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-15T22:26:20", "description": "A public bug-bounty program for the Kubernetes container technology framework has just launched, backed by Google, HackerOne and the Cloud Native Computing Foundation (CNCF).\n\nThe Kubernetes container-orchestration system was originally built by Google for automating application deployment, scaling and management in the cloud. The culmination of 15 years of development experience, Google open-sourced the Kubernetes project in 2014. It is now maintained by the CNCF, whose community of volunteers will manage vulnerability processing and resolutions related to the bug-bounty program.\n\nBounties will range from $100 to $10,000. 
The [program\u2019s scope](<https://hackerone.com/kubernetes>) covers code from the main Kubernetes organizations on GitHub (Kubernetes has more than 100 certified distributions), as well as \u201ccontinuous integration, release and documentation artifacts,\u201d according to a Kubernetes security team post on Tuesday.\n\n\u201cBasically, most content you\u2019d think of as [\u2018core\u2019 Kubernetes](<https://github.com/kubernetes>)\u2026is in scope,\u201d according to the post.\n\nThe program\u2019s debut marks the release of one of the first bounty programs for underlying cloud infrastructure. \u201cSome open-source bug bounty programs exist, such as the Internet Bug Bounty, this mostly covers core components that are consistently deployed across environments; but most bug bounties are still for hosted web apps,\u201d according to the Kubernetes post.\n\n## In Scope, Out of Scope\n\nThe Kubernetes security team said it is particularly interested in cluster attacks, such as privilege escalations, authentication bugs and remote code execution in the kubelet or API server.\n\n\u201cAny information leak about a workload, or unexpected permission changes is also of interest,\u201d they wrote. 
\u201cStepping back from the cluster admin\u2019s view of the world, you\u2019re also encouraged to look at the Kubernetes supply chain, including the build-and-release processes, which would allow any unauthorized access to commits, or the ability to publish unauthorized artifacts.\u201d\n\nThe project\u2019s community management tools, such as the Kubernetes mailing lists or Slack channel, are out-of-scope, as are container escapes, attacks on the Linux kernel or other issues arising from dependencies \u2013 these should be reported to the appropriate party instead.\n\nGoogle also plans to be intimately involved in the program, which has been running in beta mode with invite-only researchers up until now.\n\n\u201cKubernetes already has a robust security team and response process, further cemented by the recent [Kubernetes security audit](<https://github.com/kubernetes/community/blob/master/wg-security-audit/findings/Kubernetes%20Final%20Report.pdf>),\u201d according to a statement by Maya Kaczorowski, product manager for container security at Google Cloud, which first proposed the bug-bounty program.\n\n\u201cWe have a stronger and more secure open-source project than we\u2019ve ever had before. By launching a bug-bounty program, we\u2019re putting our money where our mouth is \u2013 and most importantly, rewarding the researchers already doing this important work. We hope to attract additional security researchers to get more eyes on the code, shakeout security bugs, and back up our work on Kubernetes security with financial support,\u201d Kaczorowski said.\n\n## Securing the Cloud\n\nCloud security is coming more and more in to focus as companies look to achieve high-velocity operations and take advantage of the efficiencies that digital transformation can bring.\n\n\u201cThe cloud allows companies to move quickly and be more agile so they can provide benefits to customers more quickly,\u201d Reed Loden, director of security at HackerOne, told Threatpost. 
\u201cWith the standardization cloud technology delivers to companies across the globe comes similar problems across websites hosted on the same cloud provider. This both makes it easier for attackers to exploit multiple websites and simplifies the process for defenders to learn and improve at a faster clip as they unearth common issues.\u201d\n\nHowever, with uniformity comes documentation, \u201callowing friendly hackers and companies to learn from each other to avoid the common mistakes,\u201d he added. \u201cWhen companies and researchers work together they can better improve defenses and build a safer internet.\u201d\n\nKubernetes has had its share of vulnerabilities. Last October for instance a pair of bugs, CVE-2019-16276 and CVE-2019-11253, [were found](<https://threatpost.com/kubernetes-bugs-authentication-bypass-dos/149265/>) that could allow an attacker to trivially bypass authentication controls to access a container. And earlier, a [critical privilege-escalation vulnerability](<https://threatpost.com/kubernetes-flaw-is-a-huge-deal-lays-open-cloud-deployments/139636/>) (CVE-2018-1002105) was uncovered that could allow an attacker unfettered, remote access for stealing data or crashing production applications.\n\n\u201cMoving servers from on-premise to the cloud comes with substantial benefits and risks \u2014 good and bad,\u201d Loden told Threatpost. \u201cYou can build software right using cloud or you can build it wrong using cloud, just like anything else.\u201d\n",
"cvss3": {}, "published": "2020-01-14T17:00:28", "type": "threatpost", "title": "Public Bug Bounty Takes Aim at Kubernetes Container Project", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2018-1002105", "CVE-2019-11253", "CVE-2019-16276"], "modified": "2020-01-14T17:00:28", "id": "THREATPOST:DFF8ED339B7012ECBA9C67651AC4441A", "href": "https://threatpost.com/bounty-program-kubernetes-container/151824/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-17T19:39:33", "description": "Researchers have found that a popular Internet of Things real-time operating system \u2013 FreeRTOS \u2013 is riddled with serious vulnerabilities.\n\nThe bugs could allow hackers to crash connected devices in smart homes or critical infrastructure systems, leak information from the devices\u2019 memory, and take them over. And while patches have been issued, researchers warn that it still may take time for smaller vendors to update.\n\nResearcher Ori Karliner, with Zimperium\u2019s zLabs team, recently analyzed some of the leading operating systems in the IoT market \u2013 including FreeRTOS, an open-source OS specifically designed for the microcontrollers that are within IoT devices. Within several versions of FreeRTOS, Karliner found 13 vulnerabilities enabling an array of attacks, including remote code execution, information leak and denial-of-service bugs.\n\n\u201cDuring our research, we discovered multiple vulnerabilities within FreeRTOS\u2019s TCP/IP stack and in the AWS secure connectivity modules. 
The same vulnerabilities are present in WHIS Connect TCP/IP component for OpenRTOS\\SafeRTOS,\u201d according to a Thursday [post](<https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/>) by zLabs.\n\nFreeRTOS provides an OS for microcontrollers, which vendors can bundle together with other components in IoT devices and solutions \u2013 including the TCP/IP stack, connectivity modules, and over the air (OTA) updates.\n\nThe kernel has gained traction in the IoT market, and in 2017, [Amazon](<https://aws.amazon.com/freertos/>) took stewardship of the OS and extended the FreeRTOS kernel to its with software libraries \u2013 so IoT devices could be connected to AWS cloud services like AWS IoT Core.\n\nSpecifically impacted by these vulnerabilities was FreeRTOS V10.0.1 and below (with FreeRTOS+TCP), and AWS FreeRTOS V1.3.1 and below.\n\nAlso affected are FreeRTOS\u2019 commercial version WHIS OpenRTOS, and its \u201csafety-oriented\u201d version SafeRTOS which is based on the functional model of FreeRTOS, and is certified for use in safety critical systems.\n\nThe vulnerabilities specifically exist in FreeRTOS\u2019s TCP/IP stack and in the AWS secure connectivity modules (in as well as in the WHIS Connect TCP/IP component for OpenRTOS\\SafeRTOS).\n\nThese vulnerabilities include four remote code execution bugs (CVE-2018-16522, CVE-2018-16525, CVE-2018-16526, and CVE-2018-16528); seven information leak vulnerabilities (CVE-2018-16524, CVE-2018-16527, CVE-2018-16599, CVE-2018-16600, CVE-2018-16601, CVE-2018-16602, CVE-2018-16603) one denial of service flaw (CVE-2018-16523) and a final (CVE-2018-16598) that was unspecified.\n\nzLabs said it has disclosed the security issues to Amazon and collaborated with them to patch the vulnerabilities. Those fixes were deployed for AWS FreeRTOS versions 1.3.2 and onwards. 
The vulnerabilities in RTOS WHIS were also patched.\n\nAmazon did not respond to a request for comment from Threatpost.\n\nDue to the amount of vendors impacted by the bugs, the researchers said that they would hold off on publishing further details until all holes have been sealed.\n\n\u201cSince this is an open source project, we will wait for 30 days before publishing technical details about our findings, to allow smaller vendors to patch the vulnerabilities,\u201d they said.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2018/10/19110303/Screen-Shot-2018-10-19-at-11.00.29-AM.png>)\n\nWhile zLabs didn\u2019t specify the number of devices impacted, FreeRTOS is a big OS in the IoT landscape, and has been ported to over 40 hardware platforms in the past 14 years. In fact, in a 2017 [survey](<https://m.eet.com/media/1246048/2017-embedded-market-study.pdf>) by Aspencore, FreeRTOS was the top pick by IT professionals when asked which operating system they are considering using in the next 12 months.\n\nThe number of connected devices continues to plague the community with worries about how they are concerned \u2013 particularly since a 2016 Mirai [botnet](<https://threatpost.com/mirai-fueled-iot-botnet-behind-ddos-attacks-on-dns-providers/121475/>) mounted a distributed denial of service (DDoS) attack through 300,000 vulnerable IoT devices, like webcams, routers and video recorders.\n\nSince then, from connected cars to power grids, the impact of IoT security issues seem to be getting graver (including privacy issues in connected consumer devices and the potential for dangerous industrial IoT system hacks).\n\nAt the same time, the sheer scope of potential attack vectors is proliferating. 
For instance, [Google Home](<https://threatpost.com/google-home-chromecast-leak-location-information/132912/>) devices, [smart plugs](<https://threatpost.com/belkin-iot-smart-plug-flaw-allows-remote-code-execution-in-smart-homes/136732/>) and [smart padlocks](<https://threatpost.com/unbreakable-smart-lock-tapplock-issues-critical-security-patch/132918/>) have all recently been in the spotlight for security flaws.\n\nFreeRTOS and SafeRTOS, for their part, \u201chave been used in a wide variety of industries: IoT, Aerospace, Medical, Automotive, and more,\u201d according to the company\u2019s post. \u201cDue to the high risk nature of devices in some of these industries, zLabs decided to take a look at the connectivity components that are paired with these OS\u2019s. Clearly, devices that have connectivity to the outside world are at a higher degree of risk of being attacked.\u201d\n", "cvss3": {}, "published": "2018-10-19T15:24:09", "type": "threatpost", "title": "AWS FreeRTOS Bugs Allow Compromise of IoT Devices", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2018-16522", "CVE-2018-16523", "CVE-2018-16524", "CVE-2018-16525", "CVE-2018-16526", "CVE-2018-16527", "CVE-2018-16528", "CVE-2018-16598", "CVE-2018-16599", "CVE-2018-16600", "CVE-2018-16601", "CVE-2018-16602", "CVE-2018-16603", "CVE-2019-11253", "CVE-2019-16276"], "modified": "2018-10-19T15:24:09", "id": "THREATPOST:370E8753340A65AA22C611DB35A611BA", "href": "https://threatpost.com/aws-freertos-bugs-allow-compromise-of-iot-devices/138455/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "photon": [{"lastseen": "2023-06-13T15:42:33", "description": "Updates of ['e2fsprogs', 'sysstat', 'rsyslog', 'kubernetes', 'sqlite'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", 
"integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-23T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-0184", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253", "CVE-2019-16167", "CVE-2019-16168", "CVE-2019-17041", "CVE-2019-17042", "CVE-2019-5094"], "modified": "2019-10-23T00:00:00", "id": "PHSA-2019-0184", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-184", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:50:28", "description": "Updates of ['binutils', 'kubernetes', 'python2'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2019-09-27T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2019-0031", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1010204", "CVE-2019-11246", "CVE-2019-11247", "CVE-2019-11248", "CVE-2019-11249", "CVE-2019-11253", "CVE-2019-16056"], "modified": "2019-09-27T00:00:00", "id": "PHSA-2019-0031", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-31", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-10-01T10:24:37", "description": "Updates of ['python2', 'binutils', 'kubernetes'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2019-09-28T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2019-3.0-0031", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12697", "CVE-2018-12698", "CVE-2018-12934", 
"CVE-2019-1010204", "CVE-2019-11246", "CVE-2019-11247", "CVE-2019-11248", "CVE-2019-11249", "CVE-2019-11253", "CVE-2019-16056", "CVE-2022-48063"], "modified": "2019-09-28T00:00:00", "id": "PHSA-2019-3.0-0031", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-31", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-11-03T17:49:36", "description": "An update of {'openssl', 'apache-tomcat', 'sqlite-autoconf', 'yarn', 'dbus', 'go', 'kubernetes', 'sudo'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-15T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-1.0-0264", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10773", "CVE-2019-11253", "CVE-2019-12418", "CVE-2019-12749", "CVE-2019-1551", "CVE-2019-16276", "CVE-2019-17563", "CVE-2019-17596", "CVE-2019-19232", "CVE-2019-19234", "CVE-2019-19317", "CVE-2019-19603", "CVE-2019-19645", "CVE-2019-19646", "CVE-2019-19880", "CVE-2019-20218"], "modified": 
"2020-01-15T00:00:00", "id": "PHSA-2020-1.0-0264", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-264", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T16:59:03", "description": "Updates of ['sudo', 'dbus', 'sqlite-autoconf', 'apache-tomcat', 'yarn', 'go', 'openssl', 'bindutils', 'kubernetes'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-15T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2020-0264", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743", "CVE-2018-5744", "CVE-2018-5745", "CVE-2019-10773", "CVE-2019-11253", "CVE-2019-12418", "CVE-2019-12749", "CVE-2019-1551", "CVE-2019-16276", "CVE-2019-17563", "CVE-2019-17596", "CVE-2019-19232", "CVE-2019-19234", "CVE-2019-19317", "CVE-2019-19603", "CVE-2019-19645", "CVE-2019-19646", "CVE-2019-19880", "CVE-2019-20218", "CVE-2019-6465", "CVE-2019-6467", "CVE-2019-6468", "CVE-2019-6469", "CVE-2019-6471"], "modified": "2020-01-15T00:00:00", "id": "PHSA-2020-0264", "href": 
"https://github.com/vmware/photon/wiki/Security-Update-1.0-264", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-30T06:24:49", "description": "kubernetes\n[1.12.10-1.0.10]\n- [CVE-2019-16276] Kubernetes Vulnerabilities Allow Authentication Bypass, DoS\n[1.12.10-1.0.9]\n- Define rolling update for flannel\n[1.12.10-1.0.8]\n- Modify flannel/dashboard image tags to use images that have the cve fix\nkubeadm-ha-setup\n[0.0.2-1.0.68]\n- Pull image prior to update and fix image repo for addons\n[0.0.2-1.0.67]\n- Bump golang build version\n[0.0.2-1.0.66]\n- [CVE-2019-16276] Support patching flannel/dashboard on upgrade\n[0.0.2-1.0.65]\n- [CVE 2019-16276] Support deploygin 1.12 and 1.13 with CVE patched\n[0.0.2-1.0.64]\n- [CVE-2019-16276] Support patching etcd on upgrade\n[0.0.2-1.0.63]\n- [CVE-2019-16276] while upgrading a cluster patch the coredns image\n[0.0.2-1.0.62]\n- CVE-2019-16276 : Update flannel , etcd coredns and dashboard images.\n[0.0.2-1.0.61]\n- Added Support for 1.13.11 and removed support for 1.13.10\n[0.0.2-1.0.59]\n- Remove Support for 1.14.6\n[0.0.2-1.0.58]\n- Replacing reference to kubernetes-dashboard-amd64 with kubernetes-dashboard\n[0.0.2-1.0.57]\n- Support 1.12.10\n[0.0.2-1.0.56]\n- Support 1.14.6\n[0.0.2-1.0.55]\n- Support 1.13.10\n[0.0.2-1.0.54]\n- Support 1.13.9", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2020-01-31T00:00:00", "type": "oraclelinux", "title": "kubernetes security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11244", "CVE-2019-11246", "CVE-2019-11247", "CVE-2019-11249", "CVE-2019-11251", "CVE-2019-11253", "CVE-2019-16276", "CVE-2019-9512"], "modified": "2020-01-31T00:00:00", "id": "ELSA-2019-4816", "href": "http://linux.oracle.com/errata/ELSA-2019-4816.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-30T06:24:51", "description": "kubernetes\n[1.12.10-1.0.11]\n- [CVE-2019-11254] kube-apiserver Denial of Service vulnerability from malicious YAML payloads\n[1.12.10-1.0.10]\n- [CVE-2019-16276] Kubernetes Vulnerabilities Allow Authentication Bypass, DoS\n[1.12.10-1.0.9]\n- Define rolling update for flannel\n[1.12.10-1.0.8]\n- Modify flannel/dashboard image tags to use images that have the cve fix\n[1.12.10-1.0.7]\n- [CVE-2019-11253] Kubernetes API Server JSON/YAML parsing vulnerable to resource exhaustion attack\n[1.12.10-1.0.6]\n- [CVE-2019-16276] bump golang to 1.12.10\n[1.12.10-1.0.5]\n- added THIRD_PARTY_LICENSES.txt file\n[1.12.10-1.0.4]\n- fix for CVE-2019-11251\n[1.12.10-1.0.3]\n- replacing references to kubernetes-dashboard-amd64 with kubernetes-dashboard\n[1.12.10-1.0.2]\n- Added Oracle specific build files for Kubernetes\nkubeadm-ha-setup\n[0.0.2-1.0.69]\n- [CVE-2019-11254] kube-apiserver Denial of Service vulnerability from malicious YAML payloads\n[0.0.2-1.0.68]\n- Pull image prior to update and fix image repo for addons\n[0.0.2-1.0.67]\n- Bump golang build version\n[0.0.2-1.0.66]\n- [CVE-2019-16276] Support patching flannel/dashboard on upgrade\n[0.0.2-1.0.65]\n- [CVE 2019-16276] Support deploygin 
1.12 and 1.13 with CVE patched\n[0.0.2-1.0.64]\n- [CVE-2019-16276] Support patching etcd on upgrade\n[0.0.2-1.0.63]\n- [CVE-2019-16276] while upgrading a cluster patch the coredns image\n[0.0.2-1.0.62]\n- CVE-2019-16276 : Update flannel , etcd coredns and dashboard images.\n[0.0.2-1.0.61]\n- Added Support for 1.13.11 and removed support for 1.13.10\n[0.0.2-1.0.59]\n- Remove Support for 1.14.6\n[0.0.2-1.0.58]\n- Replacing reference to kubernetes-dashboard-amd64 with kubernetes-dashboard\n[0.0.2-1.0.57]\n- Support 1.12.10\n[0.0.2-1.0.56]\n- Support 1.14.6\n[0.0.2-1.0.55]\n- Support 1.13.10\n[0.0.2-1.0.54]\n- Support 1.13.9\n[0.0.2-1.0.53]\n- Mark 1.14 as a developer build\n[0.0.2-1.0.52]\n- Restore fails when trying to restore after a failed update\n[0.0.2-1.0.51]\n- Minor version update doesn't update kubeadm on all master nodes\n[0.0.2-1.0.50]\n- Make k8s 1.14 specific changes\n[0.0.2-1.0.49]\n- Remove 1.10 and 1.11 version since they are incompatable\n[0.0.2-1.0.48]\n- Support deploying 5 master nodes\n[0.0.2-1.0.47]\n- Only update/upgrade the controlplane images if they changed in the Release object\n[0.0.2-1.0.46]\n- Fix version comparison function during upgrade\n[0.0.2-1.0.45]\n- Fix rpm version compare\n- Allow kubernetes updates for patch version\n[0.0.2-1.0.44]\n- Allow assume yes to deploy a single master without the prompt\n[0.0.2-1.0.43]\n- Post cluster creation should check only for master nodes\n[0.0.2-1.0.42]\n- Update keepalived check api server to ensure we are grepping the correct IP\n[0.0.2-1.0.41]\n- Make ha.yaml an optional argument in the cli for single master cluster\n[0.0.2-1.0.40]\n- Add pod cidr default and refactor ha.yaml example\n[0.0.2-1.0.39]\n- Remove features: feature1_13=true from config\n[0.0.2-1.0.38]\n- Default kubernetes version to latest production version\n[0.0.2-1.0.37]\n- Fix keepalived issue when firewalld is disable\n[0.0.2-1.0.36]\n- Default kubernetes version to latest production version\n[0.0.2-1.0.35]\n- Add addons 
template and config files\n[0.0.2-1.0.34]\n- Enhance tests\n[0.0.2-1.0.33]\n- fix regression of previous firewall fix\n[0.0.2-1.0.32]\n- Fix firewall issues during restore\n[0.0.2-1.0.31]\n- Fix firewall issues\n[0.0.2-1.0.30]\n- Enhance output while validating the system\n[0.0.2-1.0.29]\n- Fix DR in 1.13\n[0.0.2-1.0.28]\n- Fix apiserver_cert_extra_sans for 1.13 clusters\n[0.0.2-1.0.27]\n- Fix update/upgrade output message\n[0.0.2-1.0.26]\n- Fix major upgrade\n[0.0.2-1.0.25]\n- Add registry migration\n[0.0.2-1.0.24]\n- Return stdout and stderr from Run function to allow the caller decided what to display\n[0.0.2-1.0.23]\n- Proxy variable is inherited in remote master\n[0.0.2-1.0.22]\n- The Trim function doesn't work for replacing strings\n- Upgrade should use the pause container instead of pause-amd64\n[0.0.2-1.0.21]\n- Include 1.12.7 image and update 1.13 and metric servers info\n[0.0.2-1.0.20]\n- Support new registries and allow for password to have a colon\n[0.0.2-1.0.19]\n- --force flag for full restore\n[0.0.2-1.0.18]\n- Change update help message\n[0.0.2-1.0.17]\n- Change update message, add ha install command and ask for confirmation\n[0.0.2-1.0.16]\n- Change upgrade command name to update\n[0.0.2-1.0.15]\n- Fix upgrade for point release\n[0.0.2-1.0.14]\n- Move file.go to config.go\n[0.0.2-1.0.13]\n- Feature Flag 1.13 code\n[0.0.2-1.0.12]\n- Add support of upgrading HA master nodes\n[0.0.2-1.0.11]\n- Support deploying Kubernetes version 1.13.2\n[0.0.2-1.0.10]\n- CVE-2018-16875\n[0.0.2-1.0.9]\n- Add timeout to Run() (gitlab issues #3)\n- Rename path to linux-git.us.oracle.com/Kubernetes\n[0.0.2-1.0.8]\n- Remove releases.json dependency\n[0.0.2-1.0.7]\n- Pin dependent kubernetes packages\n[0.0.2-1.0.6]\n- Update deps for kube 1.13\n[0.0.2-1.0.5]\n- Add test runner in makefile and execute it in CI/CD\n[0.0.2-1.0.4]\n- Fix backup path issue again found by Tom Cocozzello\n[0.0.2-1.0.3]\n- [Orabug 29152516] Backup and restore /var/lib/kubelet/kubeadm-flags.env 
too\n- Cleanup kube-ipvs0 interface too\n- More code cleanup\n- Use map for checking kernel module\n- Fix client joining errors\n- Addressing Tom Cocozzello's review\n- Enabling IPVS in HA\n[0.0.2-1.0.2]\n- Update dashboard image (CVE-2018-18264)\n[0.0.2-1.0.1]\n- Allow Oracle certified addons to be installed via cli\n[0.0.1-2.0.9]\n- Use 'dep ensure' to clean up symlinks in the vendor directory\n[0.0.1-2.0.5]\n- Clean up un-used build scripts\n[0.0.1-2.0.4]\n- Add Makefile for building and testing code\n[0.0.1-2.0.3]\n- Fix file restore issue when it contains './'\n[0.0.1-2.0.2]\n- Resolve the full filepath when '.' is passed in\n- Addressing review by Muminul Islam\n[0.0.1-2.0.1]\n- Remove 'firewall-cmd --reload' as it can hangs OCI\n- Fix some errors reported by Shubham\n- Error out if options is not currently supported in HandleEtcdOps\n- Fix down issue\n- Dump log output to /var/log/kubeadm-ha-setup\n[0.0.1-1.0.37]\n- Fix kubernetes version\n- Include log printing when error occurs\n- Fix client.go regression due to new down function\n[0.0.1-1.0.36]\n- Remove Godeps, using dep for now\n- Check if image is not set before referencing\n- Rename getEtcdConfigV2 to getEtcdConfig\n- Adding down functionality\n- Update ha.yaml file\n[0.0.1-1.0.35]\n- Removing etcd.go\n- Addressing Tom Cocozzello review\n- [Orabug 28977571]\n[0.0.1-1.0.34]\n- Enabling full restore on HA master and single master\n- Cleanup\n- Enable single master backup\n- Double the context request timeout\n- Implement retryable AddMember\n[0.0.1-1.0.33]\n- Modified DR for One node case to use new etcd API\n- Enhanced the helper scripts such that it will error out\n- HealthCheck re-implementation\n[0.0.1-1.0.32]\n- Update dashboard image\n[0.0.1-1.0.31]\n- Needs to be run as a privileged user\n- Enable CoreDNS as default\n[0.0.1-1.0.30]\n- Enable single master setup\n[0.0.1-1.0.29]\n- Redesigned for setting up v1.12 HA clusters\n[0.0.1-1.0.28]\n- Fixes for v1.11\n- Addressing Laszlo Peter review\n- 
Addressing Daniel Krasinski review\n[0.0.1-1.0.27]\n- Fix build failure\n- Add UPL LICENSE\n- Fix the usage of defer\n- Re-try when docker pull image gets a timeout\n- Refactor SetupCreds()\n- Remove --force flag for restore\n- When something fail, we should lenghten the timeout time\n[0.0.1-1.0.26]\n- When context timed out catch it and print stdout, stderr\n[0.0.1-1.0.25]\n- Check output from docker client and probe for error\n[0.0.1-1.0.24]\n- Properly parse if repo has a special ':' character\n[0.0.1-1.0.23]\n- Checking the total nodes would be better implementation\n- Fixup etcd add member errors\n[0.0.1-1.0.22]\n- Pod count could be >= 20\n- Remove port 30000-32767/tcp check for client node\n- Querying k8s cluster health instead of etcd for backup\n- Cosmestic fix\n- Etcd one node restore problems\n[0.0.1-1.0.21]\n- Check whether repo needs auth even in one node restore case\n- Fixup the restore script\n- docker pull image change in behavior in 18.03\n- Include client side image repo checking too\n- Provide a full repo path for comparison\n- Make kubernetes_developer as the sample repo\n- Use strings.Contains to compare strings\n- Fix README\n- Initial README\n- Include changes in kube.go\n[0.0.1-1.0.20]\n- In OCI LB can takes time to setup properly\n- Fix random string\n- [Orabug 28445064]\n- Replace RunCmdExec() with just Run()\n- Sanity check for # of master\n- Make kubeadm token default to be random\n[0.0.1-1.0.19]\n- Check if docker exec etcd returns Error\n- Check env first before trying to pull image\n- [Orabug 28461826]\n[0.0.1-1.0.18]\n- Fixing LB, kubelet, kubectl-proxy\n- Add a DEBUG flag for more verbose output\n[0.0.1-1.0.17]\n- Don't loop forever in client, make Run() more consistent in master\n- Fixup LB for OCI\n- Add apiserver-bind-port capability\n[0.0.1-1.0.17]\n- Include apiserver_cert_extra_sans and service_cidr\n[0.0.1-1.0.16]\n- Include restoring keepalived for one and full restore\n- For Full Restore we need to first clean up before 
anything else\n- Clean up DR, make backup check etcd health first\n- Properly clean-up flannel.1 and cni0\n[0.0.1-1.0.15]\n- DR code cleanup\n- Changed permission on the created dir to 0755\n- Fix filename not found error\n[0.0.1-1.0.14]\n- Don't panic()\n- In One node restore case verify the ca.crt MD5SUM\n- Full DR feature\n- Redesign of the DR\n- Include file and its line number for logging\n- Put the binary full path\n- Re-arrange varibles for ssh.go\n- Separate etcd cli to another file (etcd.go)\n- Addition to kubectl cli\n- Check if MyIP for local node is missing/empty\n[0.0.1-1.0.13]\n- Replace binary names\n- Include the ability to re-try master setup\n[0.0.1-1.0.12]\n- Renamed the whole REPO to kubeadm-ha-setup\n- Don't print out more logs as necessary\n[0.0.1-1.0.12]\n- Enhance ssh/sftp code\n[0.0.1-1.0.11]\n- Change the storePath\n- Include keepalived backup and change backup.sh/restore.sh\n[0.0.1-1.0.10]\n- Continuing on the restore part\n- Make the script to query all KUBEDIR directory from a single file\n- Consolidate KUBEDIR\n- Make systemd related file 0644\n[0.0.1-1.0.9]\n- Fixup the hardcoded directory as such we are reading from only limited source\n- Include the Docker API for restore\n- Initial implementation of DR\n[0.0.1-1.0.8]\n- Fixup kubeadm-setup join\n- systemctl enable kubelet\n[0.0.1-1.0.7]\n- Fix LoadBalancer to take care of extra steps\n[0.0.1-1.0.6]\n- Cleanup some stdout\n- Add token field in ha.yaml for ease of automated setup\n[0.0.1-1.0.5]\n- If Loadbalancer is preferred/used\n[0.0.1-1.0.4]\n- Remove goroutine sleep - unnecessary\n- Provides structure to store required files and cert files\n- Fix merge errors\n[0.0.1-1.0.3]\n- Create /run/kubeadm w-w/o --skip\n[0.0.1-1.0.2]\n- NoHA and LoadBalancer\n[0.0.1-1.0.1]\n- Initial build\nkubeadm-upgrade\n[0.0.1-1.0.28]\n-- [CVE-2019-11254] kube-apiserver Denial of Service vulnerability from malicious YAML payloads\n[0.0.1-1.0.27]\n-- [CVE-2019-16276] Kubernetes Vulnerabilities Allow 
Authentication Bypass, DoS\n[0.0.1-1.0.26]\n-- Create log folder before any log write or error exit [ orabug: 29806186 ]\n[0.0.1-1.0.25]\n-- Enforce exit on errors\n[0.0.1-1.0.24]\n-- Dashboard yaml location was moved in Kubernetes 1.12.7\n[0.0.1-1.0.23]\n-- Detect latest kubernetes version from yum\n[0.0.1-1.0.22]\n-- Bump up 1.12.7 version for coredns fix\n[0.0.1-1.0.21]\n-- CVE-2019-9946\n[0.0.1-1.0.20]\n-- CVE-2019-1002101\n[0.0.1-1.0.19]\n-- Bump up 1.12.6 version\n[0.0.1-1.0.18]\n-- Upgrade from 1.9 to 1.12 fails\n[0.0.1-1.0.17]\n-- Update the Kubernetes version to include the conntrack fix\n[0.0.1-1.0.16]\n-- CVE-2019-1002100\n[0.0.1-1.0.15]\n-- CVE-2018-1002105\n[0.0.1-1.0.14]\n-- Fix kube version for 1.10.5\n[0.0.1-1.0.13]\n-- Updating 1.10 and 1.11 version for CVE fixes\n-- Include flannel and dashboard upgrade\n[0.0.1-1.0.12]\n-- Upgrade to 1.12.5-2.1.1\n[0.0.1-1.0.11]\n-- Upgrade to 1.12.5\n[0.0.1-1.0.10]\n-- Add license info to the script\n[0.0.1-1.0.9]\n-- Add license file\n[0.0.1-1.0.8]\n-- Fix the bug on number of CPU checking\n[0.0.1-1.0.7]\n-- Use install instead of update for a specifc 1.12 version\n[0.0.1-1.0.6]\n-- Upgrade cluster to 1.12.3-* version only\n[0.0.1-1.0.5]\n-- Add exit handler to gather logs on failure\n[0.0.1-1.0.4]\n-- Enhance logging and check return code after kubeadm apply. 
Checking CPU and Memory of the system\n[0.0.1-1.0.3]\n-- Change REPO_PREFIX to use a single repo, increased timeout during cluster health check\n[0.0.1-1.0.2]\n-- Added comments and fix rpm name\n[0.0.1-1.0.1]\n- Upgrade to 1.12.3", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-04-17T00:00:00", "type": "oraclelinux", "title": "kubernetes kubeadm-ha-setup kubeadm-upgrade security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1002105", "CVE-2018-16875", "CVE-2018-18264", "CVE-2019-1002100", "CVE-2019-1002101", "CVE-2019-11251", "CVE-2019-11253", "CVE-2019-11254", "CVE-2019-16276", "CVE-2019-9946"], "modified": "2020-04-17T00:00:00", "id": "ELSA-2020-5654", "href": "http://linux.oracle.com/errata/ELSA-2020-5654.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "kitploit": [{"lastseen": "2023-10-01T13:27:52", "description": "[](<https://1.bp.blogspot.com/-JeZ6iIg4ybA/YLcuC2qo4HI/AAAAAAAAXk8/Exp1sNi-whoUTpfq1BCbDLDi0TOKgJIPgCNcBGAsYHQ/s484/metarget.png>)\n\n \n\n\n**1 Introduction** \n\n\nMetarget = `meta-` \\+ `target`, a framework providing automatic 
constructions of vulnerable infrastructures, used to deploy simple or complicated vulnerable cloud native targets swiftly and automatically.\n\n \n**1.1 Why Metarget?** \n\n\nDuring security research, we often find that deploying a vulnerable environment takes a long time, while the time spent on testing a PoC or ExP is comparatively short. In the field of cloud native security, the complexity of cloud native systems makes this issue worse.\n\nThere are already some excellent security projects like [Vulhub](<https://github.com/vulhub/vulhub> \"Vulhub\" ), [VulApps](<https://github.com/Medicean/VulApps> \"VulApps\" ) in the open-source community, which pack vulnerable scenes into container images, so that researchers can use them and deploy scenes quickly.\n\nHowever, these projects mainly focus on vulnerabilities in applications. What if we need to study the vulnerabilities in infrastructure such as Docker, Kubernetes and even the Linux kernel?\n\nHence, we developed Metarget, hoping to solve the deployment issue above to some extent. Furthermore, we also expect that Metarget could help to construct **multilayer** vulnerable cloud native scenes automatically.\n\n \n**1.2 Install Vulnerability!** \n\n\nIn this project, we come up with concepts like _installing vulnerabilities_ and _installing vulnerable scenes_. Why not install vulnerabilities just like installing software? 
We can do that, because our goals are security research and offensive security.\n\nTo be exact, we expect that:\n\n * `metarget cnv install cve-2019-5736` will install Docker with CVE-2019-5736 onto the server.\n * `metarget cnv install cve-2018-1002105` will install Kubernetes with CVE-2018-1002105 onto the server.\n * `metarget cnv install kata-escape-2020` will install Kata-containers with CVE-2020-2023/2025/2026 onto the server.\n * `metarget cnv install cve-2016-5195` will install a kernel with DirtyCoW onto the server.\n\nIt's cool, right? No more steps. No RTFM. Execute one command and enjoy your coffee.\n\nFurthermore, we expect that:\n\n * with Metarget's help, ethical hackers are able to deploy simple or complicated cloud native targets swiftly and learn by hacking cloud native environments.\n * `metarget appv install dvwa` will install a [DVWA](<https://github.com/digininja/DVWA> \"DVWA\" ) target onto our vulnerable infrastructure.\n * `metarget appv install thinkphp-5-0-23-rce --external` will install a ThinkPHP RCE vulnerability with `NodePort` service onto our vulnerable infrastructure.\n\nYou can just run the 5 commands below after installing a new Ubuntu and obtain a multi-layer vulnerable scene:\n \n \n ./metarget cnv install cve-2016-5195 # container escape with dirtyCoW \n ./metarget cnv install cve-2019-5736 # container escape with docker \n ./metarget cnv install cve-2018-1002105 # kubernetes single-node cluster with cve-2018-1002105 \n ./metarget cnv install privileged-container # deploy a privileged container \n ./metarget appv install dvwa --external # deploy dvwa target\n\nRCE, container escape, lateral movement, persistence, they are yours now.\n\nMore awesome functions are coming! Stay tuned :)\n\nNote:\n\nThis project aims to provide vulnerable scenes for security research. The security of scenes generated is not guaranteed. 
It is **NOT** recommended to deploy components or scenes with Metarget on the Internet.\n\n \n**2 Usage** \n \n**2.1 Basic Usage** \n\n \n \n usage: metarget [-h] [-v] subcommand ... \n \n automatic constructions of vulnerable infrastructures \n \n positional arguments: \n subcommand description \n gadget cloud native gadgets (docker/k8s/...) management \n cnv cloud native vulnerabilities management \n appv application vulnerabilities management \n \n optional arguments: \n -h, --help show this help message and exit \n -v, --version show program's version number and exit \n \n\nRun `./metarget gadget list` to see cloud native components supported currently.\n\n \n**2.2 Manage [Cloud Native](<https://www.kitploit.com/search/label/Cloud%20Native> \"Cloud Native\" ) Components** \n\n \n \n usage: metarget gadget [-h] subcommand ... \n \n positional arguments: \n subcommand description \n list list supported gadgets \n install install gadgets \n remove uninstall gadgets \n \n optional arguments: \n -h, --help show this help message and exit \n \n\n \n**2.2.1 Case: Install Docker with Specified Version** \n\n\nRun:\n \n \n ./metarget gadget install docker --version 18.03.1\n\nIf the command above completes successfully, 18.03.1 Docker will be installed.\n\n \n**2.2.2 Case: Install Kubernetes with Specified Version** \n\n\nRun:\n \n \n ./metarget gadget install k8s --version 1.16.5\n\nIf the command above completes successfully, 1.16.5 Kubernetes single-node cluster will be installed.\n\nNote:\n\nUsually, lots of options need to be configured in Kubernetes. As a security research project, Metarget provides some options for installation of Kubernetes:\n \n \n -v VERSION, --version VERSION \n gadget version \n --cni-plugin CNI_PLUGIN \n cni plugin, flannel by default \n --pod-network-cidr POD_NETWORK_CIDR \n pod network cidr, default cidr for each plugin by \n default \n --taint-master taint master node or not \n \n\n**Metarget supports deployment of multi-node cluster. 
If you want to add more nodes into the cluster, you can copy the `tools/install_k8s_worker.sh` script and run it on each worker node after the successful installation of the single-node cluster.**\n\n \n**2.2.3 Case: Install Kata-containers with Specified Version** \n\n\nRun:\n \n \n ./metarget gadget install kata --version 1.10.0\n\nIf the command above completes successfully, 1.10.0 Kata-containers will be installed.\n\nNote:\n\nYou can also specify the type of kata runtime (qemu/clh/fc/...) with the `--kata-runtime-type` option, which is `qemu` by default.\n\n \n**2.2.4 Case: Install Linux Kernel with Specified Version** \n\n\nRun:\n \n \n ./metarget gadget install kernel --version 5.7.5\n\nIf the command above completes successfully, 5.7.5 kernel will be installed.\n\nNote:\n\nCurrently, Metarget installs kernels in 2 ways:\n\n 1. apt\n 2. if apt package is not available, download *.deb remotely from Ubuntu and try to install\n\nAfter successful installation of the kernel, a reboot of the system is needed. Metarget will prompt to reboot automatically.\n\n \n**2.3 Manage Vulnerable Scenes Related to Cloud Native Components** \n\n \n \n usage: metarget cnv [-h] subcommand ... 
\n \n positional arguments: \n subcommand description \n list list supported cloud native vulnerabilities \n install install cloud native vulnerabilities \n remove uninstall cloud native vulnerabilities \n \n optional arguments: \n -h, --help show this help message and exit \n \n\nRun `./metarget cnv list` to see the currently supported vulnerable scenes related to cloud native components.\n\n \n**2.3.1 Case: CVE-2019-5736** \n\n\nRun:\n \n \n ./metarget cnv install cve-2019-5736\n\nIf the command above completes successfully, Docker with CVE-2019-5736 will be installed.\n\n \n**2.3.2 Case: CVE-2018-1002105** \n\n\nRun:\n \n \n ./metarget cnv install cve-2018-1002105\n\nIf the command above completes successfully, Kubernetes with CVE-2018-1002105 will be installed.\n\n \n**2.3.3 Case: Kata-containers Escape** \n\n\nRun:\n \n \n ./metarget cnv install kata-escape-2020\n\nIf the command above completes successfully, Kata-containers with CVE-2020-2023/2025/2026 will be installed.\n\n \n**2.3.4 Case: CVE-2016-5195** \n\n\nRun:\n \n \n ./metarget cnv install cve-2016-5195\n\nIf the command above completes successfully, kernel with CVE-2016-5195 will be installed.\n\n \n**2.4 Manage Vulnerable Scenes Related to Cloud Native Applications** \n\n \n \n usage: metarget appv [-h] subcommand ... \n \n positional arguments: \n subcommand description \n list list supported application vulnerabilities \n install install application vulnerabilities \n remove uninstall application vulnerabilities \n \n optional arguments: \n -h, --help show this help message and exit \n \n\nRun `./metarget appv list` to see the currently supported vulnerable scenes related to cloud native applications.\n\nNote:\n\nBefore deploying application vulnerable scenes, you should install Docker and Kubernetes first. 
You can use Metarget to install Docker and Kubernetes.\n\n \n**2.4.1 Case: DVWA** \n\n\nRun:\n \n \n ./metarget appv install dvwa\n\nIf the command above completes successfully, [DVWA](<https://github.com/digininja/DVWA> \"DVWA\" ) will be deployed as _Deployment_ and _Service_ resources in the current Kubernetes cluster.\n\nNote:\n\nYou can specify the `--external` option to expose the service as `NodePort`, so that you can visit it via the IP of the host node.\n\nBy default, the type of service is `ClusterIP`.\n\n \n**2.5 Manage Vulnerable Cloud Native Target Cluster** \n\n\nUnder development; currently not supported.\n\n \n**3 Installation** \n \n**3.1 Requirements** \n\n\n * Ubuntu 16.04 or 18.04\n * Python >= 3.5\n * pip3\n \n**3.2 From Source** \n\n\nClone the repository and install requirements:\n \n \n git clone https://github.com/brant-ruan/metarget.git \n cd metarget/ \n pip install -r requirements.txt\n\nBegin to use Metarget and construct vulnerable scenes. For example:\n \n \n ./metarget cnv install cve-2019-5736\n\n \n**3.3 From PyPI** \n\n\nCurrently unsupported.\n\n \n**4 Scene List** \n \n**4.1 Vulnerable Scenes Related to Cloud Native Components** \nName | Class | Type | CVSS 3.x | Status \n---|---|---|---|--- \n
[cve-2018-15664](<https://github.com/brant-ruan/metarget/blob/master/vulns_cn/docker/cve-2018-15664.yaml> \"cve-2018-15664\" ) | docker | container_escape | [7.5](<https://nvd.nist.gov/vuln/detail/CVE-2018-15664> \"7.5\" ) | \u2705 \n
[cve-2019-13139](<https://github.com/brant-ruan/metarget/blob/master/vulns_cn/docker/cve-2019-13139.yaml> \"cve-2019-13139\" ) | docker | command_execution | [8.4](<https://nvd.nist.gov/vuln/detail/CVE-2019-13139> \"8.4\" ) | \u2705 \n
[cve-2019-14271](<https://github.com/brant-ruan/metarget/blob/master/vulns_cn/docker/cve-2019-14271.yaml> \"cve-2019-14271\" ) | docker | container_escape | [9.8](<https://nvd.nist.gov/vuln/detail/CVE-2019-14271> \"9.8\" ) | \u2705 \n
[cve-2020-15257](<https://github.com/brant-ruan/metarget/blob/master/vulns_cn/docker/cve-2020-15257.yaml> \"cve-2020-15257\" ) | docker/containerd | container_escape | [5.2](<https://nvd.nist.gov/vuln/detail/CVE-2020-15257> \"5.2\" ) | \u2705 \n
[cve-2019-5736](<https://github.com/brant-ruan/metarget/blob/master/vulns_cn/docker/cve-2019-5736.yaml> \"cve-2019-5736\" ) | docker/runc | container_escape | [8.6](<https://nvd.nist.gov/vuln/detail/CVE-2019-5736> \"8.6\" ) | \u2705 \n
[cve-2017-1002101](<https://github.com/brant-ruan/metarget/blob/master/vulns_cn/kubernetes/cve-2017-1002101.yaml> \"cve-2017-1002101\" ) | kubernetes | container_escape | [9.6](<https://nvd.nist.gov/vuln/detail/CVE-2017-1002101> \"9.6\" ) | \u2705 \n
[cve-2018-1002105](<https://github.com/brant-ruan/metarget/blob/master/vulns_cn/kubernetes/cve-2018-1002105.yaml> \"cve-2018-1002105\" ) | kubernetes | privilege_escalation | [9.8](<https://nvd.nist.gov/vuln/detail/CVE-2018-1002105> \"9.8\" ) | \u2705 \n
[cve-2019-11253](<https://github.com/brant-ruan/metarget/blob/master/vulns_cn/kubernetes/cve-2019-11253.yaml> \"cve-2019-11253\" ) | kubernetes | denial_of_service | [7.5](<https://nvd.nist.gov/vuln/detail/CVE-2019-11253> \"7.5\" ) | \u2705 \n
[cve-2019-9512](<https://github.com/brant-ruan/metarget/blob/master/vulns_cn/kubernetes/cve-2019-9512.yaml> \"cve-2019-9512\" ) | kubernetes | denial_of_service | [7.5](<https://nvd.nist.gov/vuln/detail/CVE-2019-9512> \"7.5\" ) | \u2705 \n
[cve-2019-9514](<https://github.com/brant-ruan/metarget/blob/master/vulns_cn/kubernetes/cve-2019-9514.yaml> \"cve-2019-9514\" ) | kubernetes | denial_of_service | [7.5](<https://nvd.nist.gov/vuln/detail/CVE-2019-9514> \"7.5\" ) | \u2705 \n
[cve-2020-8554](<https://github.com/brant-ruan/metarget/blob/master/vulns_cn/kubernetes/cve-2020-8554.yaml> \"cve-2020-8554\" ) | kubernetes | man_in_the_middle | [5.0](<https://nvd.nist.gov/vuln/detail/CVE-2020-8554> \"5.0\" ) | \u2705 \n
[cve-2020-8557](<https://github.com/brant-ruan/metarget/blob/master/vulns_cn/kubernetes/cve-2020-8557.yaml> \"cve-2020-8557\" ) | kubernetes | denial_of_service | [5.5](<https://nvd.nist.gov/vuln/detail/CVE-2020-8557> \"5.5\" ) | \u2705 \n
[cve-2020-8558](<https://github.com/brant-ruan/metarget/blob/master/vulns_cn/kubernetes/cve-2020-8558.yaml> \"cve-2020-8558\" ) | kubernetes | exposure_of_service | [8.8](<https://nvd.nist.gov/vuln/detail/CVE-2020-8558> \"8.8\" ) | \u2705 \n
[cve-2016-5195](<https://github.com/brant-ruan/metarget/blob/master/vulns_cn/kernel/cve-2016-5195.yaml> \"cve-2016-5195\" ) | kernel | container_escape | [7.8](<https://nvd.nist.gov/vuln/detail/CVE-2016-5195> \"7.8\" ) | \u2705 \n
[cve-2018-18955](<https://github.com/brant-ruan/metarget/blob/master/vulns_cn/kernel/cve-2018-18955.yaml> \"cve-2018-18955\" ) | kernel | privilege_escalation | [7.0](<https://nvd.nist.gov/vuln/detail/CVE-2018-18955> \"7.0\" ) | \u2705 \n
[cve-2020-14386](<https://github.com/brant-ruan/metarget/blob/master/vulns_cn/kernel/cve-2020-14386.yaml> \"cve-2020-14386\" ) | kernel | container_escape | [7.8](<https://nvd.nist.gov/vuln/detail/CVE-2020-14386> \"7.8\" ) | \u2705 \n
[cap_dac_read_search-container](<https://github.com/brant-ruan/metarget/blob/master/vulns_cn/configs/cap_dac_read_search-container.yaml> \"cap_dac_read_search-container\" ) | config | container_escape | - | \u2705 \n
[cap_sys_admin-container](<https://github.com/brant-ruan/metarget/blob/master/vulns_cn/configs/cap_sys_admin-container.yaml> \"cap_sys_admin-container\" ) | config | container_escape | - | \u2705 \n
[cap_sys_ptrace-container](<https://github.com/brant-ruan/metarget/blob/master/vulns_cn/configs/cap_sys_ptrace-container.yaml> \"cap_sys_ptrace-container\" ) | config | container_escape | - | \u2705 \n
[privileged-container](<https://github.com/brant-ruan/metarget/blob/master/vulns_cn/configs/privileged-container.yaml> \"privileged-container\" ) | config | container_escape | - | \u2705 \n
[mount-docker-sock](<https://github.com/brant-ruan/metarget/blob/master/vulns_cn/mounts/mount-docker-sock.yaml> \"mount-docker-sock\" ) | mount | container_escape | - | \u2705 \n
[mount-host-etc](<https://github.com/brant-ruan/metarget/blob/master/vulns_cn/mounts/mount-host-etc.yaml> \"mount-host-etc\" ) | mount | container_escape | - | \u2705 \n
[mount-host-procfs](<https://github.com/brant-ruan/metarget/blob/master/vulns_cn/mounts/mount-host-procfs.yaml> \"mount-host-procfs\" ) | mount | container_escape | - | \u2705 \n
[kata-escape-2020](<https://github.com/brant-ruan/metarget/blob/master/vulns_cn/kata-containers/kata-escape-2020.yaml> \"kata-escape-2020\" ) | kata-containers | container_escape | [6.3](<https://nvd.nist.gov/vuln/detail/CVE-2020-2023> \"6.3\" )/[8.8](<https://nvd.nist.gov/vuln/detail/CVE-2020-2025> \"8.8\" )/[8.8](<https://nvd.nist.gov/vuln/detail/CVE-2020-2026> \"8.8\" ) | \u2705 \n \n
**4.2 Vulnerable Scenes Related to Cloud Native Applications** \n\n\nThese scenes are mainly derived from other open-source projects:\n\n * [Vulhub](<https://github.com/vulhub/vulhub> \"Vulhub\" )\n * [DVWA](<https://github.com/digininja/DVWA> \"DVWA\" )\n\nWe express sincere gratitude to the projects above!\n\nMetarget converts scenes in the projects above to _Deployment_ and _Service_ resources in Kubernetes (thanks to [kompose](<https://github.com/kubernetes/kompose> \"kompose\" )).\n\nTo list vulnerable scenes related to cloud native applications supported by Metarget, just run:\n \n \n ./metarget appv list\n\n \n**5 DEMO** \n\n\n[](<https://asciinema.org/a/407107>)\n\n \n\n\n**6 Development Plan** \n\n\n * deployments of basic cloud native components (docker, k8s)\n * integrations of vulnerable scenes related to cloud native components\n * integrations of RCE scenes in containers\n * automatic construction of multi-node cloud native target cluster\n * integrations of other cloud native 
vulnerable scenes (long term)\n \n**7 Maintainers** \n\n\n * [@brant-ruan](<https://github.com/brant-ruan> \"@brant-ruan\" )\n * [@ListenerMoya](<https://github.com/ListenerMoya> \"@ListenerMoya\" )\n \n**8 About Logo** \n\n\nIt is not a Kubernetes, but a vulnerable [infrastructure](<https://www.kitploit.com/search/label/Infrastructure> \"infrastructure\" ) with three gears which could not work well (vulnerable) :)\n\n \n \n\n\n**[Download Metarget](<https://github.com/brant-ruan/metarget> \"Download Metarget\" )**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-04T21:30:00", "type": "kitploit", "title": "Metarget - Framework Providing Automatic Constructions Of Vulnerable Infrastructures", "bulletinFamily": "tools", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5195", "CVE-2017-1002101", "CVE-2018-1002105", "CVE-2018-15664", "CVE-2018-18955", "CVE-2019-11253", "CVE-2019-13139", "CVE-2019-14271", "CVE-2019-5736", "CVE-2019-9512", "CVE-2019-9514", "CVE-2020-14386", "CVE-2020-15257", "CVE-2020-2023", "CVE-2020-2025", "CVE-2020-2026", "CVE-2020-8554", "CVE-2020-8557", "CVE-2020-8558"], "modified": 
"2021-06-04T21:30:00", "id": "KITPLOIT:8656177976839178440", "href": "http://www.kitploit.com/2021/06/metarget-framework-providing-automatic.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}