Security Bulletin: Multiple vulnerabilities in IBM Storage Scale Container Native could allow access to container outside the current namespace

Summary

Multipe security vulnerabilities have been identified in IBM Storage Scale Container Native that could allow access to container outside the current namespace. A fix for these vulnerabilities is available.

Vulnerability Details

CVEID:CVE-2022-41738
**DESCRIPTION:**IBM Spectrum Scale could allow an attacker to initiate connections to containers from external networks.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237812 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-41737
**DESCRIPTION:**IBM Spectrum Scale could allow a local attacker to initiate connections from a container outside the current namespace.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237811 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N)

Affected Products and Versions

Remediation/Fixes

For IBM Storage Scale Container Native Storage Access (CNSA), a fix is available in V5.1.9.1 or later. Request you to get the fix by following the below IBM Documentation link:

• Upgrade paths to get to CNSA 5.1.9.1 can be referenced here: <https://www.ibm.com/docs/en/scalecontainernative?topic=upgrading-supported-upgrade-paths&gt;
• Post upgrade, please follow steps as mentioned in the link for applying network policies : <https://www.ibm.com/docs/en/scalecontainernative?topic=upgrading-post-upgrade-tasks&gt;.
• It’s always recommended that the entirety of the OpenShift cluster be protected with a firewall.
• For new installs, network policies can be enabled via these steps: <https://www.ibm.com/docs/en/scalecontainernative?topic=resources-cluster#concept_zqg_4dz_zrb__section_jnf_rm5_tyb__title__1&gt;

Workarounds and Mitigations

None