Improper Authorization
github.com/metal3-io/baremetal-operator is vulnerable to Improper Authorization. Ironic and Ironic-inspector store their .htpasswd files as ConfigMaps rather than Secrets when they are installed within Baremetal Operator using the supplied deploy.sh file. Anyone with access to the...
GHSA-9WH7-397J-722M Ironic and ironic-inspector may expose as ConfigMaps
Impact Ironic and ironic-inspector deployed within Baremetal Operator using the included deploy.sh store their .htpasswd files as ConfigMaps instead of Secrets. This causes the plain-text username and hashed password to be readable by anyone having a cluster-wide read-access to the management...
CVE-2023-30841
Baremetal Operator BMO is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included deploy.sh store their .htpasswd files as ConfigMaps instead of Secrets. This causes the plain-text usernam...
Default credentials
Baremetal Operator BMO is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included deploy.sh store their .htpasswd files as ConfigMaps instead of Secrets. This causes the plain-text usernam...
CVE-2023-30841
Baremetal Operator (BMO) pre-0.3.0 stores ironic and ironic-inspector .htpasswd credentials as ConfigMaps, exposing plain-text usernames and hashed passwords to anyone with cluster-wide read access or etcd access. The issue is fixed in BMO release 0.3.0 and via PR #1241. Affected component: Barem...
CVE-2023-30841 Ironic and ironic-inspector deployed within Baremetal Operator may expose as ConfigMaps
Baremetal Operator BMO is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included deploy.sh store their .htpasswd files as ConfigMaps instead of Secrets. This causes the plain-text usernam...
PT-2023-22996 · Unknown +1 · Baremetal Operator +2
Name of the Vulnerable Software and Affected Versions: Baremetal Operator versions prior to 0.3.0 Description: The issue arises from the storage of .htpasswd files as ConfigMaps instead of Secrets by ironic and ironic-inspector deployed within Baremetal Operator using the included deploy.sh. This...
CVE-2022-2403
A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by...
Design/Logic Flaw
A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by...
Vulnerability fixed in Red Hat OpenShift Container Platform
A vulnerability has been found in OpenShift Container Platform. The private key for an external cluster certificate is stored in an insecure manner in the oauth-serving-cert ConfigMaps and is therefore available to any OpenShift user or service account. A malicious user can obtain this private key and...
Red Hat OpenShift Container Platform Information Disclosure Vulnerability
Red Hat OpenShift Container Platform is a suite of application platforms from Red Hat, Inc. that enable organizations to develop, deploy and manage existing container-based applications across physical, virtual and public cloud infrastructures. The Red Hat OpenShift Container Platform suffers fro...
Path Traversal
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.51. See the following advisory for the container...
Information Disclosure
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.51. See the following advisory for the container...
Remote Code Execution (RCE)
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.51. See the following advisory for the container...
Cross-Site Scripting (XSS)
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.51. See the following advisory for the container...