Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:6689
HistorySep 19, 2024 - 5:26 a.m.

(RHSA-2024:6689) Important: OpenShift Container Platform 4.14.37 bug fix and security update

2024-09-1905:26:47
access.redhat.com

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

AI Score

8

Confidence

Low

JSON

Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.14.37.

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

Security Fix(es):

  • openshift/builder: Path traversal allows command injection in privileged
    BuildContainer using docker build strategy (CVE-2024-7387)
  • openshift-controller-manager: Elevated Build Pods Can Lead to Node
    Compromise in OpenShift (CVE-2024-45496)

more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

redhat 4
osv 4
vulnrichment 2
nvd 2
cve 2
github 2
cvelist 2
redhat
redhat
(RHSA-2024:6691) Important: OpenShift Container Platform 4.13.50 bug fix and security update
2024-09-19 00:08:31
(RHSA-2024:6685) Important: OpenShift Container Platform 4.15.33 bug fix and security update
2024-09-19 09:27:01
(RHSA-2024:6687) Important: OpenShift Container Platform 4.16.13 bug fix and security update
2024-09-19 05:36:46
osv
osv
OpenShift Controller Manager Improper Privilege Management
2024-09-17 00:31:06
OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer
2024-09-17 00:31:06
OpenShift Controller Manager Improper Privilege Management in github.com/openshift/openshift-controller-manager
2024-09-18 15:16:22
vulnrichment
vulnrichment
CVE-2024-45496 Openshift-controller-manager: elevated build pods can lead to node compromise in openshift
2024-09-16 23:58:59
CVE-2024-7387 Openshift/builder: path traversal allows command injection in privileged buildcontainer using docker build strategy
2024-09-16 23:58:35
nvd
nvd
CVE-2024-45496
2024-09-17 00:15:52
CVE-2024-7387
2024-09-17 00:15:52
cve
cve
CVE-2024-45496
2024-09-17 00:15:52
CVE-2024-7387
2024-09-17 00:15:52
github
github
OpenShift Controller Manager Improper Privilege Management
2024-09-17 00:31:06
OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer
2024-09-17 00:31:06
cvelist
cvelist
CVE-2024-45496 Openshift-controller-manager: elevated build pods can lead to node compromise in openshift
2024-09-16 23:58:59
CVE-2024-7387 Openshift/builder: path traversal allows command injection in privileged buildcontainer using docker build strategy
2024-09-16 23:58:35

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

AI Score

8

Confidence

Low

JSON
Related for RHSA-2024:6689
redhat4osv4vulnrichment2nvd2cve2github2cvelist2