2672 matches found

RedHat Linux
added 2023/10/31 2:6 p.m. | 3 views

kube-apiserver: Bypassing policies imposed by the ImagePolicyWebhook admission plugin

A flaw was found in Kubernetes, where users may be able to launch containers using images restricted by the ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers...

CVSS 6.5 | AI score 6.8 | EPSS 0.01134
Exploits: 0 | References: 5

RedHat Linux
added 2023/10/31 2:6 p.m. | 4 views

kube-apiserver: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

A flaw was found in Kubernetes, where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures that pods running with a service account may only reference secrets specified i...

CVSS 6.5 | AI score 6.8 | EPSS 0.02157
Exploits: 1 | References: 5

RedHat Linux
added 2023/10/30 12:53 p.m. | 26 views

Important: Red Hat Security Advisory: Red Hat OpenShift distributed tracing 2.9.0 containers security update

An update is now available for Red Hat Openshift distributed tracing 2.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

CVSS 7.5 | AI score 6.7 | EPSS 0.00508
Exploits: 0 | References: 2

RedHat Linux
added 2023/10/30 2:16 a.m. | 53 views

Important: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.14 security and bug fix update

The Migration Toolkit for Containers MTC 1.7.14 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

CVSS 7.5 | AI score 7.1 | EPSS 0.99999
Exploits: 19 | References: 10

RedHat Linux
added 2023/10/30 12:25 a.m. | 46 views

Important: Red Hat Security Advisory: Red Hat OpenShift support for Windows Containers 8.1.0 security update

The components for Red Hat OpenShift support for Windows Containers 8.1.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this...

CVSS 7.5 | AI score 7.1 | EPSS 0.99999
Exploits: 19 | References: 15

Cvelist
added 2023/10/29 7:51 a.m. | 15 views

CVE-2021-33634 Malicious image running containers may cause DoS attacks

iSulad uses the lcr+lxc runtime default to run malicious images, which can cause DOS...

CVSS 6.3 | AI score 6.7 | EPSS 0.00198
Exploits: 0 | References: 3

RedHat Linux
added 2023/10/19 2:36 a.m. | 30 views

Moderate: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.13 security and bug fix update

The Migration Toolkit for Containers MTC 1.7.13 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 6.1 | AI score 6.5 | EPSS 0.00843
Exploits: 0 | References: 2

RedHat Linux
added 2023/10/18 4:23 p.m. | 47 views

Important: Red Hat Security Advisory: RHACS 4.1 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security RHACS. The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detail...

CVSS 7.5 | AI score 7 | EPSS 0.99999
Exploits: 19 | References: 5

Amazon
added 2023/10/17 12:0 a.m. | 6 views

Medium: containerd

Issue Overview: A flaw was found in containerd CRI plugin. Containers launched through containerd CRI implementation that share the same image may receive incorrect environment variables, including values that are defined for other containers. The highest threat from this vulnerability is to data...

CVSS 6.3 | AI score 6.9 | EPSS 0.02044
Exploits: 0

CBLMariner
added 2023/10/12 7:11 p.m. | 25 views

CVE-2023-44487 affecting package kata-containers for versions less than 3.1.0-8

CVE-2023-44487 affecting package kata-containers for versions less than 3.1.0-8. A patched version of the package is available...

CVSS 7.5 | AI score 8.9 | EPSS 0.99999
Exploits: 19

OSV
added 2023/10/11 10:15 p.m. | 10 views

AZL-35514 CVE-2023-39325 affecting package kata-containers for versions less than 3.2.0.azl2-1

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

CVSS 7.5 | AI score 6.6 | EPSS 0.03796
Exploits: 0 | References: 1

OSV
added 2023/10/11 10:15 p.m. | 10 views

AZL-34015 CVE-2023-39325 affecting package kata-containers-cc for versions less than 3.2.0.azl2-1

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

CVSS 7.5 | AI score 6.6 | EPSS 0.03796
Exploits: 0 | References: 1

OSV
added 2023/10/11 10:15 p.m. | 15 views

AZL-39652 CVE-2023-39325 affecting package kata-containers for versions less than 3.2.0.azl4-1

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

CVSS 7.5 | AI score 6.6 | EPSS 0.03796
Exploits: 0 | References: 1

CNVD
added 2023/10/11 12:0 a.m. | 17 views

F5 BIG-IP Next SPK Hardcoded Credentials Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A hard-coded credential vulnerability exists in F5 BIG-IP Next SPK, which can be exploited by an attacker with the ability to...

CVSS 7.4 | AI score 6.8 | EPSS 0.00376
Exploits: 0 | References: 1

OSV
added 2023/10/10 2:15 p.m. | 14 views

AZL-34825 CVE-2023-44487 affecting package kata-containers for versions less than 3.1.0-8

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS 7.5 | AI score 7.1 | EPSS 0.99999
Exploits: 19 | References: 1

OSV
added 2023/10/10 2:15 p.m. | 4 views

AZL-31314 CVE-2023-44487 affecting package kata-containers for versions less than 3.1.0-8

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS 7.5 | AI score 6.7 | EPSS 0.99999
Exploits: 19 | References: 1

OSV
added 2023/10/10 2:15 p.m. | 11 views

AZL-31315 CVE-2023-44487 affecting package kata-containers-cc for versions less than 0.6.1-2

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS 7.5 | AI score 6.7 | EPSS 0.99999
Exploits: 19 | References: 1

OSV
added 2023/10/10 2:15 p.m. | 5 views

AZL-34827 CVE-2023-44487 affecting package kata-containers-cc for versions less than 0.6.1-2

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS 7.5 | AI score 6.7 | EPSS 0.99999
Exploits: 19 | References: 1

OSV
added 2023/10/10 1:15 p.m. | 3 views

CVE-2023-45226

The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contain hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only exposed when ssh debug is...

CVSS 7.4 | AI score 5.8 | EPSS 0.00376
Exploits: 0 | References: 1

NVD
added 2023/10/10 1:15 p.m. | 12 views

CVE-2023-45226

The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contain hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only exposed when ssh debug is...

CVSS 7.4 | AI score 7.3 | EPSS 0.00376
Exploits: 0 | References: 1