RedHat RHSA-2022:5840
Aug 02, 2022 - 7:38 a.m.

(RHSA-2022:5840) Moderate: Migration Toolkit for Containers (MTC) 1.7.3 security and bug fix update

2022-08-02 07:38:08
access.redhat.com

CVSS2: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

  • Attack Vector: NETWORK

  • Attack Complexity: MEDIUM

  • Authentication: NONE

  • Confidentiality Impact: PARTIAL

  • Integrity Impact: PARTIAL

  • Availability Impact: PARTIAL

CVSS3: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

  • Attack Vector: NETWORK

  • Attack Complexity: LOW

  • Privileges Required: LOW

  • User Interaction: NONE

  • Scope: UNCHANGED

  • Confidentiality Impact: HIGH

  • Integrity Impact: HIGH

  • Availability Impact: HIGH

EPSS: 0.015 (Percentile: 87.4%)

The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

Security Fix(es):

  • cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-1365)

  • golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)

  • golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)

  • golang: syscall: faccessat checks wrong group (CVE-2022-29526)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Velero and Restic are using incorrect SCCs [OADP-BL] (BZ#2082216)

  • [MTC] Migrations gets stuck at StageBackup stage for indirect runs [OADP-BL] (BZ#2091965)

  • MTC: 1.7.1 on OCP 4.6: UI is stuck in “Discovering persistent volumes attached to source projects” step (BZ#2099856)

  • Correct DNS validation for destination namespace (BZ#2102231)

  • Deselecting all pvcs from UI still results in an attempted PVC transfer (BZ#2106073)
