Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:0079
HistoryJan 20, 2021 - 4:38 p.m.

(RHSA-2021:0079) Moderate: OpenShift Container Platform 3.11.374 bug fix and security update

2021-01-2016:38:11
access.redhat.com
106

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.008 Low

EPSS

Percentile

81.4%

JSON

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 3.11.374. See the following advisory for the container images for
this release:

https://access.redhat.com/errata/RHBA-2021:0080

Security Fix(es):

  • golang.org/x/crypto: Keystream loop in amd64 assembly when overflowing 32-bit counter (CVE-2019-11840)

  • kubernetes: MITM using LoadBalancer or ExternalIPs (CVE-2020-8554)

  • python-urllib3: CRLF injection via HTTP request method (CVE-2020-26137)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7ppc64leatomic-openshift< 3.11.374-1.git.0.ebd3ee9.el7atomic-openshift-3.11.374-1.git.0.ebd3ee9.el7.ppc64le.rpm
RedHat7x86_64atomic-openshift-sdn-ovs< 3.11.374-1.git.0.ebd3ee9.el7atomic-openshift-sdn-ovs-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
RedHat7ppc64leatomic-openshift-hyperkube< 3.11.374-1.git.0.ebd3ee9.el7atomic-openshift-hyperkube-3.11.374-1.git.0.ebd3ee9.el7.ppc64le.rpm
RedHat7ppc64leatomic-openshift-sdn-ovs< 3.11.374-1.git.0.ebd3ee9.el7atomic-openshift-sdn-ovs-3.11.374-1.git.0.ebd3ee9.el7.ppc64le.rpm
RedHat7ppc64leopenshift-enterprise-cluster-capacity< 3.11.374-1.git.379.80bd08f.el7openshift-enterprise-cluster-capacity-3.11.374-1.git.379.80bd08f.el7.ppc64le.rpm
RedHat7noarchopenshift-kuryr-cni< 3.11.374-1.git.1478.ef11824.el7openshift-kuryr-cni-3.11.374-1.git.1478.ef11824.el7.noarch.rpm
RedHat7ppc64leprometheus-alertmanager< 3.11.374-1.git.0.3abd2a5.el7prometheus-alertmanager-3.11.374-1.git.0.3abd2a5.el7.ppc64le.rpm
RedHat7x86_64atomic-openshift-node< 3.11.374-1.git.0.ebd3ee9.el7atomic-openshift-node-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
RedHat7ppc64leprometheus-node-exporter< 3.11.374-1.git.1062.490d6d5.el7prometheus-node-exporter-3.11.374-1.git.1062.490d6d5.el7.ppc64le.rpm
RedHat7x86_64atomic-enterprise-service-catalog-svcat< 3.11.374-1.git.1675.738abcc.el7atomic-enterprise-service-catalog-svcat-3.11.374-1.git.1675.738abcc.el7.x86_64.rpm
Rows per page:
1-10 of 621

Related

nessus 52
osv 20
debiancve 3
suse 4
redhat 13
redhatcve 3
cve 3
cgr 1
debian 8
ubuntucve 3
wolfi 1
gitlab 5
openvas 1
veracode 3
github 3
prion 3
ibm 18
hackerone 1
githubexploit 5
rocky 2
mageia 2
ubuntu 1
cbl_mariner 4
alpinelinux 2
amazon 1
oraclelinux 5
almalinux 2
photon 7
f5 1
centos 1
kitploit 2
rosalinux 1
oracle 5
nessus
nessus
RHEL 7 : OpenShift Container Platform 3.11.374 bug fix and (RHSA-2021:0079)
2021-01-20 00:00:00
Debian DLA-2454-1 : rclone security update
2020-11-19 00:00:00
Debian DLA-2442-1 : obfs4proxy security update
2020-11-10 00:00:00
osv
osv
golang.org/x/crypto/salsa20/salsa uses insufficiently random values
2022-05-24 16:45:25
python-urllib3 vulnerability
2020-10-05 17:04:30
golang-go.crypto - security update
2019-06-30 00:00:00
debiancve
debiancve
CVE-2019-11840
2019-05-09 16:29:00
CVE-2020-8554
2021-01-21 17:15:00
CVE-2020-26137
2020-09-30 18:15:00
suse
suse
Security update for python-urllib3 (moderate)
2020-12-13 00:00:00
Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (moderate)
2021-08-27 00:00:00
Security update for python-urllib3 (moderate)
2020-12-18 00:00:00
redhat
redhat
(RHSA-2021:1631) Moderate: python-urllib3 security update
2021-05-18 05:42:27
(RHSA-2022:5235) Moderate: python security update
2022-06-28 07:52:39
(RHSA-2021:1761) Moderate: python27:2.7 security and bug fix update
2021-05-18 06:02:07
redhatcve
redhatcve
CVE-2019-11840
2020-04-08 05:31:02
CVE-2020-8554
2020-12-07 20:21:43
CVE-2020-26137
2020-09-29 19:03:30
cve
cve
CVE-2019-11840
2019-05-09 16:29:00
CVE-2020-8554
2021-01-21 17:15:00
CVE-2020-26137
2020-09-30 18:15:00
cgr
cgr
CVE-2019-11840 vulnerabilities
2024-04-19 21:06:40
debian
debian
[SECURITY] [DLA 2527-1] snapd security update
2021-01-17 21:20:08
[SECURITY] [DLA 2454-1] rclone security update
2020-11-18 21:01:58
[SECURITY] [DLA 2442-1] obfs4proxy security update
2020-11-09 21:54:58
ubuntucve
ubuntucve
CVE-2019-11840
2019-05-09 00:00:00
CVE-2020-8554
2021-01-21 00:00:00
CVE-2020-26137
2020-09-30 00:00:00
wolfi
wolfi
CVE-2019-11840 vulnerabilities
2024-04-19 21:05:52
gitlab
gitlab
Use of Insufficiently Random Values
2022-05-24 00:00:00
Use of Insufficiently Random Values
2022-05-24 00:00:00
Incorrect Authorization
2021-01-21 00:00:00
openvas
openvas
Debian LTS: Security Advisory for golang-go.crypto (DLA-1840-1)
2019-07-01 00:00:00
veracode
veracode
Wrong And Predictable Encryption
2019-07-01 07:31:03
Carriage-Return Line-Feed (CRLF) Injection
2020-10-01 01:43:17
Man-in-the-Middle (MitM)
2021-01-22 08:18:49
github
github
golang.org/x/crypto/salsa20/salsa uses insufficiently random values
2022-05-24 16:45:25
Unverified Ownership in Kubernetes
2022-02-08 21:50:34
CRLF injection in urllib3
2021-06-18 18:46:43
prion
prion
Information disclosure
2019-05-09 16:29:00
Code injection
2021-01-21 17:15:00
Crlf injection
2020-09-30 18:15:00
ibm
ibm
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes security vulnerability (CVE-2020-8554)
2021-03-11 10:40:38
Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes security vulnerability (CVE-2020-8554)
2021-06-11 15:44:25
Security Bulletin: A vulnerability in urlib3 affects IBM Robotic Process Automation for Cloud Pak which may result in CRLF injection (CVE-2020-26137).
2023-08-21 17:54:57
hackerone
hackerone
Kubernetes: Man in the middle using LoadBalancer or ExternalIPs services
2019-12-27 06:05:35
githubexploit
githubexploit
Exploit for Incorrect Authorization in Kubernetes
2021-02-09 21:29:44
Exploit for Incorrect Authorization in Kubernetes
2021-01-21 22:41:50
Exploit for Incorrect Authorization in Kubernetes
2020-12-11 17:40:47
rocky
rocky
python-urllib3 security update
2021-05-18 05:42:27
python27:2.7 security and bug fix update
2021-05-18 06:02:07
mageia
mageia
Updated python-urllib3 packages fix security vulnerability
2021-01-25 18:25:52
Updated python-pip packages fix security vulnerabilities
2021-01-25 18:25:52
ubuntu
ubuntu
urllib3 vulnerability
2020-10-05 00:00:00
cbl_mariner
cbl_mariner
CVE-2020-26137 affecting package python-urllib3 1.24.2-2
2021-08-11 06:39:25
CVE-2020-8554 affecting package kubernetes 1.22.6-4
2022-01-26 22:57:10
CVE-2020-8554 affecting package kubernetes 1.29.1-3
2024-03-19 17:21:46
alpinelinux
alpinelinux
CVE-2020-8554
2021-01-21 17:15:00
CVE-2020-26137
2020-09-30 18:15:00
amazon
amazon
Medium: python-urllib3
2021-06-16 20:37:00
oraclelinux
oraclelinux
python-urllib3 security update
2021-05-25 00:00:00
olcne security update
2021-02-10 00:00:00
olcne security update
2021-02-10 00:00:00
almalinux
almalinux
Moderate: python-urllib3 security update
2021-05-18 05:42:27
Moderate: python27:2.7 security and bug fix update
2021-05-18 06:02:07
photon
photon
Moderate Photon OS Security Update - PHSA-2022-0456
2022-03-28 00:00:00
Critical Photon OS Security Update - PHSA-2021-0442
2021-10-13 00:00:00
Important Photon OS Security Update - PHSA-2021-0246
2021-06-02 00:00:00
f5
f5
K000133547 : Python urllib3 vulnerability CVE-2020-26137
2023-04-18 00:00:00
centos
centos
python, tkinter security update
2022-08-02 19:15:12
kitploit
kitploit
CDK - Zero Dependency Container Penetration Toolkit
2021-01-21 11:30:00
Metarget - Framework Providing Automatic Constructions Of Vulnerable Infrastructures
2021-06-04 21:30:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2203
2023-08-01 12:58:39
oracle
oracle
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.008 Low

EPSS

Percentile

81.4%

JSON
Related for RHSA-2021:0079
nessus52osv20debiancve3suse4redhat13redhatcve3cve3cgr1debian8ubuntucve3wolfi1gitlab5openvas1veracode3github3prion3ibm18hackerone1githubexploit5rocky2mageia2ubuntu1cbl_mariner4alpinelinux2amazon1oraclelinux5almalinux2photon7f51centos1kitploit2rosalinux1oracle5