Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:2041
HistoryMay 19, 2021 - 9:08 a.m.

(RHSA-2021:2041) Moderate: Red Hat OpenShift Container Storage 4.7.0 security, bug fix, and enhancement update

2021-05-1909:08:44
access.redhat.com
61

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.377 Low

EPSS

Percentile

97.2%

JSON

Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.

Security Fix(es):

  • nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)

  • kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9 (CVE-2020-8565)

  • jwt-go: access restriction bypass vulnerability (CVE-2020-26160)

  • nodejs-date-and-time: ReDoS in parsing via date.compile (CVE-2020-26289)

  • golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)

  • golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)

  • NooBaa: noobaa-operator leaking RPC AuthToken into log files (CVE-2021-3528)

  • nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

This update includes various bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Container Storage Release Notes for information on the most significant of these changes:

https://access.redhat.com/documentation/en-us/red_hat_openshift_container_storage/4.7/html-single/4.7_release_notes/index

All Red Hat OpenShift Container Storage users are advised to upgrade to these updated images.

Related

nodejsblog 1
ibm 35
redhat 19
nessus 39
freebsd 2
osv 17
hackerone 1
redhatcve 7
attackerkb 2
photon 2
freebsd_advisory 1
oraclelinux 2
mageia 2
openvas 14
altlinux 2
thn 1
cisco 1
amazon 1
archlinux 1
almalinux 1
symantec 2
fedora 1
rocky 2
suse 4
prion 4
veracode 5
cve 5
github 5
nodejs 1
wolfi 1
ubuntucve 4
debiancve 4
cgr 1
gitlab 5
kaspersky 1
gentoo 1
alpinelinux 2
nodejsblog
nodejsblog
April 2021 Security Releases
2021-04-06 00:00:00
ibm
ibm
Security Bulletin: Potential vulnerability with Node.js
2021-07-30 21:10:10
Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and Business Process Manager (BPM)
2021-06-25 08:42:53
Security Bulletin: IBM Elastic Storage System systems are affected by vulnerabilities in OpenSSL
2021-05-19 10:06:22
redhat
redhat
(RHSA-2021:1338) Moderate: Release of OpenShift Serverless 1.14.0 security update
2021-04-22 17:09:24
(RHSA-2021:2042) Moderate: Red Hat OpenShift Container Storage 4.7 RPM security, bug fix, and enhancement update
2021-05-19 09:48:29
(RHSA-2021:1452) Important: Red Hat Ceph Storage security, bug fix, and enhancement Update
2021-04-28 18:38:27
nessus
nessus
FreeBSD : Node.js -- April 2021 Security Releases (c0c1834c-9761-11eb-acfd-0022489ad614)
2021-04-14 00:00:00
RHEL 7 / 8 : Red Hat Ceph Storage security, bug fix, and enhancement Update (Important) (RHSA-2021:1452)
2021-04-29 00:00:00
AlmaLinux 8 : openssl (ALSA-2021:1024)
2022-02-09 00:00:00
freebsd
freebsd
Node.js -- April 2021 Security Releases
2021-04-06 00:00:00
OpenSSL -- Multiple vulnerabilities
2021-03-25 00:00:00
osv
osv
Unauthorized credential disclosure via debug logs in k8s.io/kubernetes and k8s.io/client-go
2021-04-14 20:04:52
Important: openssl security update
2021-03-29 19:03:22
CVE-2020-26289
2020-12-28 19:15:12
hackerone
hackerone
Kubernetes: CVE-2019-11250 remains in effect.
2020-08-06 17:42:21
redhatcve
redhatcve
CVE-2020-8565
2020-10-16 00:02:11
CVE-2020-26289
2020-12-30 13:31:53
CVE-2020-26160
2020-09-30 22:37:10
attackerkb
attackerkb
OpenSSL TLS Server Crash (NULL pointer dereference) — CVE-2021-3449
2021-03-25 00:00:00
CVE-2021-3450
2021-03-25 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0331
2021-03-25 00:00:00
Important Photon OS Security Update - PHSA-2021-0331
2021-03-25 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-21:07.openssl
2021-03-25 00:00:00
oraclelinux
oraclelinux
openssl security update
2021-04-01 00:00:00
openssl security update
2021-03-29 00:00:00
mageia
mageia
Updated openssl packages fix security vulnerability
2021-04-05 18:54:07
Updated nodejs-yargs-parser packages fix security vulnerability
2021-04-02 23:25:05
openvas
openvas
Tenable Nessus <= 8.13.1 Multiple Third-party Vulnerabilities (TNS-2021-05)
2021-04-07 00:00:00
Mageia: Security Advisory (MGASA-2021-0176)
2022-01-28 00:00:00
Fedora: Security Advisory for openssl (FEDORA-2021-cbf14ab8f9)
2021-04-02 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.1.1k-alt1
2021-03-29 00:00:00
Security fix for the ALT Linux 10 package openssl1.1 version 1.1.1k-alt1
2021-03-25 00:00:00
thn
thn
OpenSSL Releases Patches for 2 High-Severity Security Vulnerabilities
2021-03-26 14:56:00
cisco
cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021
2021-03-25 16:00:00
amazon
amazon
Important: openssl11
2021-03-25 18:31:00
archlinux
archlinux
[ASA-202103-10] openssl: multiple issues
2021-03-25 00:00:00
almalinux
almalinux
Important: openssl security update
2021-03-29 19:03:22
symantec
symantec
OpenSSL Vulnerabilities Mar 2021
2021-04-07 19:44:57
Kubernetes CVE-2019-11250 Information Disclosure Vulnerability
2019-08-13 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: openssl-1.1.1k-1.fc34
2021-04-01 00:53:20
rocky
rocky
openssl security update
2021-03-29 19:03:22
nodejs:12 security and bug fix update
2020-12-15 16:03:21
suse
suse
Security update for nodejs12 (important)
2021-07-14 00:00:00
Security update for nodejs10 (important)
2021-07-20 00:00:00
Security update for nodejs12 (important)
2021-07-20 00:00:00
prion
prion
Design/Logic Flaw
2020-12-28 19:15:00
Design/Logic Flaw
2021-01-08 18:15:00
Design/Logic Flaw
2019-08-29 01:15:00
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2020-12-28 05:41:15
Authorization Bypass
2020-09-30 00:55:36
Information Disclosure
2021-03-11 22:54:12
cve
cve
CVE-2020-26289
2020-12-28 19:15:00
CVE-2019-11250
2019-08-29 01:15:00
CVE-2020-25678
2021-01-08 18:15:00
github
github
regular expression denial of service (ReDoS)
2020-12-24 20:49:02
Authorization bypass in github.com/dgrijalva/jwt-go
2021-05-18 21:08:21
Kubernetes client-go library logs may disclose credentials to unauthorized users
2022-05-24 16:55:06
nodejs
nodejs
Regular Expression Denial of Service
2020-12-30 19:13:04
wolfi
wolfi
CVE-2020-26160 vulnerabilities
2024-04-24 21:08:11
ubuntucve
ubuntucve
CVE-2020-25678
2021-01-08 00:00:00
CVE-2020-26160
2020-09-30 00:00:00
CVE-2019-11250
2019-08-29 00:00:00
debiancve
debiancve
CVE-2020-26160
2020-09-30 18:15:00
CVE-2020-25678
2021-01-08 18:15:00
CVE-2019-11250
2019-08-29 01:15:00
cgr
cgr
CVE-2020-26160 vulnerabilities
2024-04-24 21:06:49
gitlab
gitlab
Credentials Management
2019-08-29 00:00:00
Insertion of Sensitive Information into Log File
2022-05-24 00:00:00
Insertion of Sensitive Information into Log File
2022-05-24 00:00:00
kaspersky
kaspersky
KLA12311 Multiple vulnerabilities in Microsoft Developer Tools
2021-10-12 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2021-03-31 00:00:00
alpinelinux
alpinelinux
CVE-2020-26160
2020-09-30 18:15:00
CVE-2020-28362
2020-11-18 17:15:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.377 Low

EPSS

Percentile

97.2%

JSON
Related for RHSA-2021:2041
nodejsblog1ibm35redhat19nessus39freebsd2osv17hackerone1redhatcve7attackerkb2photon2freebsd_advisory1oraclelinux2mageia2openvas14altlinux2thn1cisco1amazon1archlinux1almalinux1symantec2fedora1rocky2suse4prion4veracode5cve5github5nodejs1wolfi1ubuntucve4debiancve4cgr1gitlab5kaspersky1gentoo1alpinelinux2