Oracle Linux 8 : container-tools:4.0 (ELSA-2024-2084)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2084 advisory. buildah 1.24.7-1 - bump to v1.24.7 - Resolves: RHEL-26767 cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu crun...
RHEL 8 : container-tools:4.0 (RHSA-2024:2097)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2097 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: full...
[SECURITY] Fedora 40 Update: golang-gvisor-20240408.0-1.20240418git9e5a99b.fc40
gVisor is an open-source, OCI-compatible sandbox runtime that provides a virtualized container environment. It runs containers with a new user-space kernel, delivering a low overhead container security solution for high-density applications. gVisor integrates with Docker, containerd and Kubernete...
CVE-2023-6596
An incomplete fix was shipped for the Rapid Reset CVE-2023-44487/CVE-2023-39325 vulnerability for an OpenShift Containers...
CVE-2023-6596 Openshift: incomplete fix for rapid reset (cve-2023-44487/cve-2023-39325)
An incomplete fix was shipped for the Rapid Reset CVE-2023-44487/CVE-2023-39325 vulnerability for an OpenShift Containers...
Important: Red Hat Security Advisory: buildah security update
An update for buildah is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
buildah security update
1.31.5-1.0.1 - Drop nmap-ncat requirement and skip ignore-socket test case Orabug: 34117178 1:1.31.5-1 - update to the latest content of https://github.com/containers/buildah/tree/release-1.31 https://github.com/containers/buildah/commit/5fd539c - Resolves: RHEL-26775...
Oracle Linux 9 : buildah (ELSA-2024-2055)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2055 advisory. 1.31.5-1.0.1 - Drop nmap-ncat requirement and skip ignore-socket test case Orabug: 34117178 1:1.31.5-1 - update to the latest content of...
The vulnerability of Eclipse Jetty servlet containers, related to uncontrolled resource consumption, allows attackers to limit the server’s ability to accept new connections from legitimate clients.
The vulnerability of Eclipse Jetty servlet containers relates to uncontrolled resource consumption. Exploiting this vulnerability allows a malicious actor to limit the server’s ability to accept new connections from legitimate clients...
Kubelet Incorrect Privilege Assignment
In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. ...
Improper Input Validation
Kubernetes is vulnerable to Improper Input Validation. The vulnerability is due to containers, init containers, and ephemeral containers with the envFrom field populated bypassing the mountable secrets policy, which ensures that pods running with a service account may only reference secrets...
Advisory ROSA-SA-2024-2405
software: kubernetes 1.25.15 WASP: ROSA-CHROME packageevrstring: kubernetes-1.25.15-1 CVE-ID: CVE-2023-2431 BDU-ID: 2023-03899 CVE-Crit: LOW CVE-DESC.: A vulnerability in the kubelet utility of the Kubernetes virtual machine cluster management software tool is related to insufficient validation o...
CVE-2024-2798
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget containers in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures...
AZL-40016 CVE-2024-3177 affecting package kubernetes for versions less than 1.30.1-1
A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures...
CVE-2024-3177
A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures...
CVE-2024-3177 Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures...
CVE-2024-3177
CVE-2024-3177 describes a bypass of Kubernetes’ mountable secrets policy when the ServiceAccount admission plugin is used together with the kubernetes.io/enforce-mountable-secrets annotation and containers (including init and ephemeral) that set envFrom. The vulnerability allows pods running unde...
CVE-2023-26964 affecting package kata-containers for versions less than 3.2.0.azl0-2
CVE-2023-26964 affecting package kata-containers for versions less than 3.2.0.azl0-2. An upgraded version of the package is available that resolves this issue...
CVE-2024-3177
A flaw was found in Kubernetes' kube-apiserver. This flaw allows authenticated users to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated...