Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:2437
HistoryJul 27, 2021 - 9:34 p.m.

(RHSA-2021:2437) Moderate: OpenShift Container Platform 4.8.2 packages and security update

2021-07-2721:34:30
access.redhat.com
234

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.4%

JSON

Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.2. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2021:2438

Security Fix(es):

  • gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)

  • golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)

  • openshift: Injected service-ca.crt incorrectly contains additional internal CAs (CVE-2021-3636)

  • python-eventlet: improper handling of highly compressed data and memory allocation with excessive size allows DoS (CVE-2021-21419)

  • jenkins-2-plugins/matrix-auth: Incorrect permission checks in Matrix Authorization Strategy Plugin (CVE-2021-21623)

  • jenkins-2-plugins/credentials: Reflected XSS vulnerability in Credentials Plugin (CVE-2021-21648)

  • kubernetes: Validating Admission Webhook does not observe some previous fields (CVE-2021-25735)

  • jenkins: lack of type validation in agent related REST API (CVE-2021-21639)

  • jenkins: view name validation bypass (CVE-2021-21640)

  • kubernetes: Holes in EndpointSlice Validation Enable Host Network Hijack (CVE-2021-25737)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor

OSVersionArchitecturePackageVersionFilename
RedHat8ppc64lecri-tools< 1.21.0-2.el8cri-tools-1.21.0-2.el8.ppc64le.rpm
RedHat8x86_64butane-debuginfo< 0.12.1-1.rhaos4.8.el8butane-debuginfo-0.12.1-1.rhaos4.8.el8.x86_64.rpm
RedHat8s390xovn2.13< 20.12.0-25.el8fdpovn2.13-20.12.0-25.el8fdp.s390x.rpm
RedHat8s390xignition-debugsource< 2.9.0-6.rhaos4.8.el8ignition-debugsource-2.9.0-6.rhaos4.8.el8.s390x.rpm
RedHat8ppc64lepodman-remote-debuginfo< 3.0.1-6.el8podman-remote-debuginfo-3.0.1-6.el8.ppc64le.rpm
RedHat8x86_64ovn2.13-central-debuginfo< 20.12.0-25.el8fdpovn2.13-central-debuginfo-20.12.0-25.el8fdp.x86_64.rpm
RedHat8x86_64ostree-libs-debuginfo< 2020.7-5.el8_4ostree-libs-debuginfo-2020.7-5.el8_4.x86_64.rpm
RedHat8ppc64leopenshift-hyperkube< 4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el8openshift-hyperkube-4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el8.ppc64le.rpm
RedHat8x86_64afterburn-debuginfo< 5.0.0-1.rhaos4.8.el8afterburn-debuginfo-5.0.0-1.rhaos4.8.el8.x86_64.rpm
RedHat8noarchopenstack-ironic-api< 17.0.4-0.20210713221218.a415e7e.el8openstack-ironic-api-17.0.4-0.20210713221218.a415e7e.el8.noarch.rpm
Rows per page:
1-10 of 2761

Related

nessus 30
redhat 25
freebsd 2
prion 11
redhatcve 11
cve 11
github 8
alpinelinux 5
veracode 10
osv 27
fedora 2
ubuntucve 8
checkpoint_advisories 1
debiancve 6
mageia 1
ubuntu 1
photon 3
ibm 15
altlinux 3
gitlab 4
hackerone 1
archlinux 2
cgr 1
githubexploit 1
wolfi 1
f5 1
cbl_mariner 1
cnvd 1
oraclelinux 1
suse 3
amazon 1
rocky 1
nessus
nessus
RHEL 7 / 8 : OpenShift Container Platform 4.8.2 packages and (RHSA-2021:2437)
2021-07-27 00:00:00
FreeBSD : jenkins -- multiple vulnerabilities (9595d002-edeb-4602-be2d-791cd654247e)
2021-04-14 00:00:00
RHEL 7 / 8 : OpenShift Container Platform 4.7.11 (RHSA-2021:1551)
2021-05-20 00:00:00
redhat
redhat
(RHSA-2022:6133) Important: OpenShift Container Platform 4.10.30 bug fix and security update
2022-08-31 10:45:15
(RHSA-2021:3361) Moderate: Migration Toolkit for Containers (MTC) 1.5.1 security and bug fix update
2021-08-31 08:04:58
(RHSA-2021:1551) Moderate: OpenShift Container Platform 4.7.11 security and bug fix update
2021-05-19 14:41:36
freebsd
freebsd
jenkins -- multiple vulnerabilities
2021-04-07 00:00:00
go -- cmd/go: packages using cgo can cause arbitrary code execution at build time; crypto/elliptic: incorrect operations on the P-224 curve
2021-01-13 00:00:00
prion
prion
Authorization
2021-03-18 14:15:00
Cross site scripting
2021-05-11 15:15:00
Code injection
2021-05-07 15:15:00
redhatcve
redhatcve
CVE-2021-21639
2021-04-07 17:15:59
CVE-2021-21623
2021-03-18 15:25:56
CVE-2021-21419
2021-05-11 20:54:43
cve
cve
CVE-2021-21623
2021-03-18 14:15:00
CVE-2021-21419
2021-05-07 15:15:00
CVE-2021-21648
2021-05-11 15:15:00
github
github
Cross-Site Request Forgery in Jenkins Credentials Plugin
2021-06-16 17:24:31
Incorrect permission checks in Jenkins Matrix Authorization Strategy Plugin may allow accessing some items
2022-05-24 17:44:47
Lack of type validation in agent related REST API in Jenkins
2022-05-24 17:46:47
alpinelinux
alpinelinux
CVE-2021-21640
2021-04-07 14:15:00
CVE-2021-21639
2021-04-07 14:15:00
CVE-2021-25735
2021-09-06 12:15:00
veracode
veracode
Information Disclosure
2021-08-13 18:03:47
Cross-site Scripting (XSS)
2021-08-13 18:03:50
Denial Of Service (DoS)
2021-05-10 02:49:48
osv
osv
CVE-2021-21623
2021-03-18 14:15:13
PYSEC-2021-12
2021-05-07 15:15:00
Lack of type validation in agent related REST API in Jenkins
2022-05-24 17:46:47
fedora
fedora
[SECURITY] Fedora 34 Update: python-eventlet-0.31.0-1.fc34
2021-05-25 01:09:52
[SECURITY] Fedora 33 Update: python-eventlet-0.31.0-1.fc33
2021-05-25 01:10:23
ubuntucve
ubuntucve
CVE-2021-21639
2021-04-07 00:00:00
CVE-2021-21419
2021-05-07 00:00:00
CVE-2021-21640
2021-04-07 00:00:00
checkpoint_advisories
checkpoint_advisories
Jenkins Credentials Plugin Cross-Site Scripting (CVE-2021-21648)
2021-05-31 00:00:00
debiancve
debiancve
CVE-2021-21419
2021-05-07 15:15:00
CVE-2021-25735
2021-09-06 12:15:00
CVE-2021-25737
2021-09-06 12:15:00
mageia
mageia
Updated python-eventlet packages fix security vulnerability
2021-06-18 22:24:28
ubuntu
ubuntu
Eventlet vulnerability
2021-05-17 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0413
2021-07-12 00:00:00
Low Photon OS Security Update - PHSA-2021-0413
2021-07-12 00:00:00
Important Photon OS Security Update - PHSA-2021-0013
2021-04-22 00:00:00
ibm
ibm
Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2021-25737)
2021-05-28 16:54:22
Security Bulletin: A vulnerability in Kubernetes kube-apiserver may affect IBM Robotic Process Automation for Cloud Pak and result in a bypass of security restrictions (CVE-2021-25735).
2023-06-20 14:23:20
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Kubernetes (CVE-2021-25737)
2022-04-22 13:12:17
altlinux
altlinux
Security fix for the ALT Linux 10 package kubernetes version 1.20.8-alt1
2021-06-30 00:00:00
Security fix for the ALT Linux 9 package golang version 1.15.7-alt1
2021-01-20 00:00:00
Security fix for the ALT Linux 10 package golang version 1.15.7-alt1
2021-01-20 00:00:00
gitlab
gitlab
URL Redirection to Untrusted Site (Open Redirect)
2021-09-06 00:00:00
URL Redirection to Untrusted Site ('Open Redirect')
2021-09-07 00:00:00
Incorrect Authorization
2021-12-16 00:00:00
hackerone
hackerone
Kubernetes: Holes in EndpointSlice Validation Enable Host Network Hijack
2021-04-02 00:59:23
archlinux
archlinux
[ASA-202106-29] kube-apiserver: insufficient validation
2021-06-09 00:00:00
[ASA-202101-27] go: multiple issues
2021-01-20 00:00:00
cgr
cgr
CVE-2021-3121 vulnerabilities
2024-04-19 03:23:19
githubexploit
githubexploit
Exploit for Incorrect Authorization in Kubernetes
2021-04-22 07:25:31
wolfi
wolfi
CVE-2021-3121 vulnerabilities
2024-04-19 03:09:49
f5
f5
K15405135 : GO vulnerability CVE-2021-3114
2021-11-10 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-3114 affecting package golang 1.15.5-1
2021-07-08 21:56:48
cnvd
cnvd
Red Hat OpenShift has unexplained holes
2021-07-15 00:00:00
oraclelinux
oraclelinux
go-toolset:ol8 security, bug fix, and enhancement update
2021-05-25 00:00:00
suse
suse
Security update for go1.14 (moderate)
2021-01-29 00:00:00
Security update for go1.14 (moderate)
2021-01-30 00:00:00
Security update for go1.15 (moderate)
2021-01-29 00:00:00
amazon
amazon
Medium: golang
2021-02-19 01:24:00
rocky
rocky
go-toolset:rhel8 security, bug fix, and enhancement update
2021-05-18 05:59:11

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.4%

JSON
Related for RHSA-2021:2437
nessus30redhat25freebsd2prion11redhatcve11cve11github8alpinelinux5veracode10osv27fedora2ubuntucve8checkpoint_advisories1debiancve6mageia1ubuntu1photon3ibm15altlinux3gitlab4hackerone1archlinux2cgr1githubexploit1wolfi1f51cbl_mariner1cnvd1oraclelinux1suse3amazon1rocky1