Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:2138
HistoryMay 18, 2023 - 2:30 a.m.

(RHSA-2023:2138) Moderate: OpenShift Container Platform 4.13.0 CNF vRAN extras security update

2023-05-1802:30:47
access.redhat.com
10

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.2%

JSON

Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the extra low-latency container images for Red Hat OpenShift Container Platform 4.13. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2023:1326

All OpenShift Container Platform users are advised to upgrade to these updated packages and images.

Security Fix(es):

  • vault: GCP Auth Method Allows Authentication Bypass (CVE-2020-16251)
  • vault: incorrect policy enforcement (CVE-2021-43998)

Related

prion 2
osv 6
redhatcve 2
github 2
veracode 2
cve 2
alpinelinux 1
ibm 1
nessus 1
gentoo 1
redhat 1
prion
prion
Design/Logic Flaw
2021-11-30 15:15:00
Authentication flaw
2020-08-26 15:15:00
osv
osv
HashiCorp Vault Incorrect Permission Assignment for Critical Resource
2021-12-02 17:48:30
HashiCorp Vault Authentication bypass
2024-01-31 00:21:58
BIT-vault-2021-43998
2024-03-06 11:10:23
redhatcve
redhatcve
CVE-2021-43998
2023-02-06 03:56:00
CVE-2020-16251
2023-02-06 10:56:04
github
github
HashiCorp Vault Authentication bypass
2024-01-31 00:21:58
HashiCorp Vault Incorrect Permission Assignment for Critical Resource
2021-12-02 17:48:30
veracode
veracode
Privilege Escalation
2021-12-03 03:10:51
Authorization Bypass
2020-08-27 04:51:48
cve
cve
CVE-2021-43998
2021-11-30 15:15:00
CVE-2020-16251
2020-08-26 15:15:00
alpinelinux
alpinelinux
CVE-2020-16251
2020-08-26 15:15:00
ibm
ibm
Security Bulletin: A security vulnerability in Vault affects Bastion Service of IBM Cloud Pak for Multicloud Management
2021-03-11 05:50:03
nessus
nessus
GLSA-202207-01 : HashiCorp Vault: Multiple Vulnerabilities
2022-08-02 00:00:00
gentoo
gentoo
HashiCorp Vault: Multiple Vulnerabilities
2022-07-29 00:00:00
redhat
redhat
(RHSA-2023:3742) Important: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update
2023-06-21 15:20:50

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.2%

JSON
Related for RHSA-2023:2138
prion2osv6redhatcve2github2veracode2cve2alpinelinux1ibm1nessus1gentoo1redhat1