
546 matches found

Tenable Nessus
added 2019/08/20 12:0 a.m. | 41 views

RHEL 7 / 8 : OpenShift Container Platform 4.1.11 openshift (RHSA-2019:2504)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2504 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private clo...

CVSS 8.1 | AI score 6.5 | EPSS 0.00176
Exploits: 0 | References: 5
IBM Security Bulletins
added 2019/08/19 3:17 p.m. | 34 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes security vulnerability (CVE-2019-11247)

Summary: IBM Cloud Kubernetes Service is affected by a security vulnerability in Kubernetes API server that allows access to custom resources via wrong scope (CVE-2019-11247). Vulnerability Details: CVE-ID: CVE-2019-11247. Description: Kubernetes could allow a remote authenticated attacker to gain...

CVSS 8.1 | AI score 0.1 | EPSS 0.00176
Exploits: 0 | Affected Software: 1
RedHat Linux
added 2019/08/15 1:28 p.m. | 3 views

kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...

CVSS 8.1 | AI score 7.3 | EPSS 0.00176
Exploits: 0 | References: 5
Veracode
added 2019/08/06 9:24 a.m. | 36 views

Unauthorised Access

github.com/kubernetes/kubernetes is vulnerable to unauthorised access to resources. The API server allows a user with access privileges to the custom resources in one namespace to create, view, update or delete the cluster-scoped resources...

CVSS 8.1 | AI score 4.6 | EPSS 0.00176
Exploits: 0 | References: 11 | Affected Software: 35
NVD
added 2019/07/30 11:15 p.m. | 12 views

CVE-2019-10165

OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources...

CVSS 2.3 | AI score 3.7 | EPSS 0.00058
Exploits: 0 | References: 3
CVE
added 2019/07/30 10:18 p.m. | 59 views

CVE-2019-10165

The CVE describes a vulnerability in OpenShift Container Platform prior to 4.1.3 where OAuth tokens are written in plaintext to API server audit logs. A user with sufficient privileges could recover these tokens from the logs and use them to access other resources. The issue is confirmed by multi...

CVSS 2.3 | AI score 4 | EPSS 0.00058
Exploits: 0 | References: 3 | Affected Software: 1
RedHat Linux
added 2019/06/26 6:12 p.m. | 126 views

Low: Red Hat Security Advisory: OpenShift Container Platform 4.1 image security update

An update for ose-cluster-kube-apiserver-operator-container and ose-cluster-openshift-apiserver-operator-container is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring Syste...

CVSS 2.3 | AI score 5.8 | EPSS 0.00058
Exploits: 0 | References: 2
NVD
added 2019/05/17 4:29 p.m. | 9 views

CVE-2019-4119

IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145...

CVSS 5.3 | AI score 4.2 | EPSS 0.0026
Exploits: 0 | References: 2
CVE
added 2019/05/17 3:20 p.m. | 34 views

CVE-2019-4119

IBM Cloud Private Kubernetes API server versions 2.1.x and 3.1.x (3.1.0, 3.1.1, 3.1.2) can be used as an HTTP proxy to reach internal and external target IPs. The root cause is an input/proxy handling issue that allows proxying beyond intended scope. Remediation per IBM’s bulletin: upgrade to IBM...

CVSS 5.3 | AI score 5.8 | EPSS 0.0026
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2019/05/17 3:20 p.m. | 11 views

CVE-2019-4119

IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145...

CVSS 3.1 | AI score 5.1 | EPSS 0.0026
Exploits: 0 | References: 2
Veracode
added 2019/05/16 2:16 a.m. | 22 views

Remote Code Execution (RCE)

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.51. See the following advisory for the container...

CVSS 6.5 | AI score 6.6 | EPSS 0.93773
Exploits: 4 | References: 24 | Affected Software: 22
Veracode
added 2019/05/16 2:16 a.m. | 20 views

Cross-Site Scripting (XSS)

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.51. See the following advisory for the container...

CVSS 6.1 | AI score 6.3 | EPSS 0.93773
Exploits: 4 | References: 24 | Affected Software: 22
Veracode
added 2019/05/02 5:21 a.m. | 37 views

Man-In-The-Middle (MitM)

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...

CVSS 9.8 | AI score 8.7 | EPSS 0.87099
Exploits: 12 | References: 40 | Affected Software: 53
Veracode
added 2019/05/02 5:21 a.m. | 43 views

Cross-Site Scripting (XSS)

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...

CVSS 9.8 | AI score 8.6 | EPSS 0.87099
Exploits: 12 | References: 40 | Affected Software: 53
Veracode
added 2019/05/02 5:21 a.m. | 36 views

Improper Access Control

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...

CVSS 9.8 | AI score 8.7 | EPSS 0.87099
Exploits: 12 | References: 40 | Affected Software: 53
Veracode
added 2019/05/02 5:21 a.m. | 39 views

Privilege Escalation

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...

CVSS 9.8 | AI score 8.6 | EPSS 0.87099
Exploits: 12 | References: 40 | Affected Software: 53
Veracode
added 2019/05/02 5:21 a.m. | 36 views

Path Traversal

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...

CVSS 9.8 | AI score 8.6 | EPSS 0.87099
Exploits: 12 | References: 40 | Affected Software: 53
Veracode
added 2019/05/02 5:21 a.m. | 38 views

Sensitive Information Disclosure

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...

CVSS 9.8 | AI score 8.6 | EPSS 0.87099
Exploits: 12 | References: 40 | Affected Software: 53
Veracode
added 2019/05/02 5:21 a.m. | 32 views

Sensitive Information Disclosure

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...

CVSS 9.8 | AI score 8.6 | EPSS 0.87099
Exploits: 12 | References: 40 | Affected Software: 53
Kitploit
added 2019/04/24 1:16 p.m. | 73 views

Kubebot - A Security Testing Slackbot Built With A Kubernetes Backend On The Google Cloud Platform

A security testing Slackbot built with a Kubernetes backend on the Google Cloud Platform. Architecture / Demo / Data Flow: 1 - API request (tool, target, options) initiated from Slackbot, sent to the API server, which is running as a Docker container on a Kubernetes (K8s) cluster and can be scaled. 2 - API...

AI score 7.5
Exploits: 0 | References: 28