Red Hat: RHSA-2021:4845
History: Nov 29, 2021 - 1:20 p.m.

(RHSA-2021:4845) Moderate: Red Hat OpenShift Container Storage 4.8.5 Security and Bug Fix Update

2021-11-29 13:20:02
access.redhat.com
Keywords: openshift container storage, red hat, security fix, bug fix, multicloud data management, s3 compatible api, cve-2020-26301, namespace bucket health, multicloud object gateway, database queries, compute resources

CVSS2: 7.5

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
  • Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 10

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS: 0.042 (Percentile: 92.4%)

Red Hat OpenShift Container Storage is software-defined storage integrated
with and optimized for the Red Hat OpenShift Container Platform.
Red Hat OpenShift Container Storage is highly scalable, production-grade
persistent storage for stateful applications running in the Red Hat
OpenShift Container Platform. In addition to persistent storage, Red Hat
OpenShift Container Storage provides a multicloud data management service
with an S3 compatible API.

Security Fix(es):

  • nodejs-ssh2: Command injection by calling vulnerable method with
    untrusted input (CVE-2020-26301)

For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section.

Bug Fix(es):

  • Previously, when the namespace store target was deleted, no alert was
    sent to the namespace bucket because of an issue in calculating the
    namespace bucket health. With this update, the issue in calculating the
    namespace bucket health is fixed and alerts are triggered as expected.
    (BZ#1993873)

  • Previously, the Multicloud Object Gateway (MCG) components performed
    slowly and there was a lot of pressure on the MCG components due to
    non-optimized database queries. With this update the non-optimized
    database queries are fixed which reduces the compute resources and time
    taken for queries. (BZ#2015939)

Red Hat recommends that all users of OpenShift Container Storage apply this update to fix these issues.
