Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:4862
HistoryAug 29, 2023 - 2:04 p.m.

(RHSA-2023:4862) Critical: Multicluster Engine for Kubernetes 2.3.1 security updates and bug fixes

2023-08-2914:04:31
access.redhat.com
15
rhsa-2023
critical
multicluster engine
kubernetes
security updates
bug fixes
openshift
cve-2023-3089
cve-2023-37903
cve-2023-37466
unix

0.003 Low

EPSS

Percentile

71.6%

JSON

Multicluster Engine for Kubernetes 2.3.1 images

Multicluster engine for Kubernetes provides the foundational components
that are necessary for the centralized management of multiple
Kubernetes-based clusters across data centers, public clouds, and private
clouds.

You can use the engine to create new Red Hat OpenShift Container Platform
clusters or to bring existing Kubernetes-based clusters under management by
importing them. After the clusters are managed, you can use the APIs that
are provided by the engine to distribute configuration based on placement
policy.

Security fix(es):

  • CVE-2023-3089 openshift: OCP & FIPS mode
  • CVE-2023-37903 - vm2: custom inspect function allows attackers to escape the
    sandbox and run arbitrary code
  • CVE-2023-37466 - vm2: Promise handler sanitization can be bypassed allowing
    attackers to escape the sandbox and run arbitrary code

Related

osv 5
ibm 4
openvas 1
github 3
prion 3
githubexploit 1
veracode 1
exploitdb 1
cvelist 3
redhatcve 3
cve 3
packetstorm 1
zdt 1
nessus 11
redhat 39
osv
osv
vm2 Sandbox Escape vulnerability
2023-07-13 17:01:58
CVE-2023-37466
2023-07-14 00:15:09
vm2 Sandbox Escape vulnerability
2023-07-13 17:02:02
ibm
ibm
Security Bulletin: IBM Instana Observability for Synthetic PoP is affected by vulnerabilities in vm2
2024-03-15 13:58:17
Security Bulletin: IBM App Connect Enterprise Certified Container operands that use the Box or Snowflake connectors are vulnerable to arbitrary code execution due to [CVE-2023-37466], [CVE-2023-37903]
2023-08-24 15:07:58
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules protobuf.js, vm2 and word-wrap [CVE-2023-36665, CVE-2023-37903, CVE-2023-37466 and CVE-2023-26115]
2023-09-11 16:26:35
openvas
openvas
vm2 <= 3.9.19 Multiple Sandbox Escape Vulnerabilities (Jul 2023)
2023-07-14 00:00:00
github
github
vm2 Sandbox Escape vulnerability
2023-07-13 17:01:58
vm2 Sandbox Escape vulnerability
2023-07-13 17:02:02
@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE
2024-04-22 18:38:11
prion
prion
Remote code execution
2023-07-14 00:15:00
Remote code execution
2023-07-21 20:15:00
Design/Logic Flaw
2023-07-05 13:15:00
githubexploit
githubexploit
Exploit for OS Command Injection in Vm2 Project Vm2
2023-11-05 11:23:15
veracode
veracode
Sandbox Escape
2023-07-14 02:38:41
exploitdb
exploitdb
vm2 - sandbox escape
2024-03-16 00:00:00
cvelist
cvelist
CVE-2023-37903 Sandbox Escape in vm2
2023-07-21 19:42:09
CVE-2023-37466 vm2 Sandbox Escape vulnerability
2023-07-13 23:17:51
CVE-2023-3089 Ocp & fips mode
2023-07-05 12:21:03
redhatcve
redhatcve
CVE-2023-37903
2023-07-25 08:51:18
CVE-2023-37466
2023-08-16 15:21:33
CVE-2023-3089
2023-07-05 12:17:52
cve
cve
CVE-2023-37903
2023-07-21 20:15:16
CVE-2023-37466
2023-07-14 00:15:09
CVE-2023-3089
2023-07-05 13:15:09
packetstorm
packetstorm
vm2 3.9.19 Sandbox Escape
2024-03-18 00:00:00
zdt
zdt
vm2 - Sandbox Escape Exploit
2024-03-18 00:00:00
nessus
nessus
RHEL 8 : Release of OpenShift Serverless Client kn 1.29.1 (Moderate) (RHSA-2023:4471)
2024-04-28 00:00:00
RHCOS 4 : OpenShift Container Platform 4.12.23 (RHSA-2023:3924)
2024-01-24 00:00:00
RHEL 8 / 9 : OpenShift Container Platform 4.12.23 (RHSA-2023:3924)
2024-04-28 00:00:00
redhat
redhat
(RHSA-2023:3924) Moderate: OpenShift Container Platform 4.12.23 security update
2023-07-06 14:04:22
(RHSA-2023:4471) Moderate: Release of OpenShift Serverless Client kn 1.29.1
2023-08-03 14:52:16
(RHSA-2023:4875) Critical: Red Hat Advanced Cluster Management 2.8.1 security and bug fix updates
2023-08-30 13:16:37

0.003 Low

EPSS

Percentile

71.6%

JSON
Related for RHSA-2023:4862
osv5ibm4openvas1github3prion3githubexploit1veracode1exploitdb1cvelist3redhatcve3cve3packetstorm1zdt1nessus11redhat39