31 matches found
EUVD-2019-7903
Malware in sbrugna...
EUVD-2023-1258
Malicious code in bioql PyPI...
Secret Exfiltration
github.com/metal3-io/baremetal-operator is vulnerable to Secret Exfiltration. The vulnerability is due to BMO's ability to read Secrets from any namespace, which allows an attacker to exfiltrate Secrets from other namespaces by linking them to a BareMetalHost configuration...
Critical: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.5 security and bug fix container updates
Red Hat Advanced Cluster Management for Kubernetes 2.8.5 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a...
networking-bagpipe (>=8.0.1 <=10.0.1), networking-baremetal (=1.0.1) +8 more potentially affected by CVE-2023-3637 via neutron (>=12.1.1 <=15.3.4)
neutron PYPI version =12.1.1, =8.0.1, =15.0.0, =13.0.1, =5.1.0, =13.0.2, =13.0.2, =14.0.1, =14.3.0 Source cves: CVE-2023-3637 Source advisory: OSV:GHSA-R3JH-QHGJ-GVR8...
Improper Authorization
github.com/metal3-io/baremetal-operator is vulnerable to Improper Authorization. The .htpasswd files that Ironic and Ironic-inspector store as ConfigMaps rather than secrets when they are installed within Baremetal Operator using the deploy.sh file that is supplied. Anyone with access to the...
CVE-2023-30841
A flaw was found in the baremetal-operator, where the ironic and ironic-inspector deployed within the baremetal operator using the included deploy.sh store .htpasswd files as ConfigMaps instead of Secrets. This issue causes the plain-text username and hashed password to be readable by anyone havi...
Ironic and ironic-inspector may expose as ConfigMaps
Impact Ironic and ironic-inspector deployed within Baremetal Operator using the included deploy.sh store their .htpasswd files as ConfigMaps instead of Secrets. This causes the plain-text username and hashed password to be readable by anyone having a cluster-wide read-access to the management...
CVE-2023-30841
Baremetal Operator BMO is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included deploy.sh store their .htpasswd files as ConfigMaps instead of Secrets. This causes the plain-text usernam...
Default credentials
Baremetal Operator BMO is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included deploy.sh store their .htpasswd files as ConfigMaps instead of Secrets. This causes the plain-text usernam...
CVE-2023-30841 Ironic and ironic-inspector deployed within Baremetal Operator may expose as ConfigMaps
Baremetal Operator BMO is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included deploy.sh store their .htpasswd files as ConfigMaps instead of Secrets. This causes the plain-text usernam...
CVE-2023-30841
Baremetal Operator (BMO) pre-0.3.0 stores ironic and ironic-inspector .htpasswd credentials as ConfigMaps, exposing plain-text usernames and hashed passwords to anyone with cluster-wide read access or etcd access. The issue is fixed in BMO release 0.3.0 and via PR #1241. Affected component: Barem...
CVE-2023-30841 Ironic and ironic-inspector deployed within Baremetal Operator may expose as ConfigMaps
Baremetal Operator BMO is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included deploy.sh store their .htpasswd files as ConfigMaps instead of Secrets. This causes the plain-text usernam...
CVE-2023-30841 Ironic and ironic-inspector deployed within Baremetal Operator may expose as ConfigMaps
Baremetal Operator BMO is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included deploy.sh store their .htpasswd files as ConfigMaps instead of Secrets. This causes the plain-text usernam...
PT-2023-22996 · Unknown +1 · Baremetal Operator +2
Name of the Vulnerable Software and Affected Versions: Baremetal Operator versions prior to 0.3.0 Description: The issue arises from the storage of .htpasswd files as ConfigMaps instead of Secrets by ironic and ironic-inspector deployed within Baremetal Operator using the included deploy.sh. This...
networking-bagpipe (>=8.0.1 <=10.0.1), networking-baremetal (=1.0.1) +8 more potentially affected by CVE-2022-3277 via neutron (>=12.1.1 <=15.3.4)
neutron PYPI version =12.1.1, =8.0.1, =15.0.0, =13.0.1, =5.1.0, =13.0.2, =13.0.2, =14.0.1, =14.3.0 Source cves: CVE-2022-3277 Source advisory: OSV:GHSA-W446-H7VG-WV3P...
networking-bagpipe (>=8.0.1 <=10.0.1), networking-baremetal (=1.0.1) +8 more potentially affected by CVE-2021-40797 via neutron (>=12.1.1 <=15.3.4)
neutron PYPI version =12.1.1, =8.0.1, =15.0.0, =13.0.1, =5.1.0, =13.0.2, =13.0.2, =14.0.1, =14.3.0 Source cves: CVE-2021-40797 Source advisory: OSV:GHSA-CPX3-696P-3CW9...
CVE-2021-20238
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint port 22623 provides ignition configuration used for bootstrapping Nodes and can include some sensitive data,...
CVE-2021-20238
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint port 22623 provides ignition configuration used for bootstrapping Nodes and can include some sensitive data,...
Design/Logic Flaw
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint port 22623 provides ignition configuration used for bootstrapping Nodes and can include some sensitive data,...