
5 matches found

OSV
added 2026/06/03 9:36 p.m. · 7 views

GHSA-F49J-V924-FX9W Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection resulting in Remote Code Execution

Summary: The environment variables KERNELXXX used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection (SSTI). By including Jinja2 template expressions it is possible to execute Python code and OS commands in the Enterprise Gateway service. The code can...

10 CVSS · 6.4 AI score · 0.0086 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/08/11 12:0 a.m. · 2 views

PT-2024-36825 · Unknown · Fence Agents Remediation Operator

Name of the Vulnerable Software and Affected Versions: Fence Agents Remediation operator (affected versions not specified). Description: A flaw was found in the Fence Agents Remediation operator, allowing a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the...

8.8 CVSS · 8.1 AI score · 0.01369 EPSS
Exploits 0 · References 19
RedHat Linux
added 2018/12/03 5:31 p.m. · 85 views

Critical: Red Hat Security Advisory: OpenShift Container Platform 3.4 security update

An update is now available for Red Hat OpenShift Container Platform release 3.4. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabili...

9.8 CVSS · 7.3 AI score · 0.86978 EPSS
Exploits 10 · References 4
RedHat Linux
added 2018/12/03 5:29 p.m. · 4 views

kubernetes: authentication/authorization bypass in the handling of non-101 responses

A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in...

9.8 CVSS · 7.4 AI score · 0.86978 EPSS
Exploits 10 · References 6
RedHat Linux
added 2018/03/12 7:40 p.m. · 2 views

kubernetes: Volume security can be sidestepped with innocent emptyDir and subpath

It was found that volume security can be sidestepped with innocent emptyDir and subpath. This could give an attacker with access to a pod full control over the node host by gaining access to docker socket...

9.6 CVSS · 7.2 AI score · 0.11586 EPSS
Exploits 2 · References 5