Important: Red Hat Security Advisory: Submariner v0.22 security fixes and container updates

Submariner v0.22 General Availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Moderate: Red Hat Security Advisory: Submariner v0.22 security fixes and container updates

Submariner v0.22 General Availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Server Side Request Forgery (SSRF)

github.com/openshift/console is vulnerable to Server Side Request Forgery SSRF. The vulnerability is due to the lack of proper checks on the /api/dev-console/proxy/internet endpoint, which allows authenticated users to make arbitrary HTTP requests from the console's pod to services inside the...

CVE-2024-6538

CVE-2024-6538 is an OpenShift Console Server‑Side Request Forgery vulnerability. An authenticated user can abuse the /api/dev-console/proxy/internet endpoint to command the console pod to perform arbitrary HTTP(S) requests, potentially reaching services inside the cluster that are not exposed to ...

It was found in OpenShift before version 4.8 that the generated certificate for the in-cluster Service CA incorrectly included additional certificates. The Service CA is automatically mounted into all pods allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service.

...

Privilege Escalation

openshift is vulnerable to privilege escalation. The vulnerability exists due to incorrectly included additional certificates which allows pods to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA...

CVE-2021-3636

It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificate...

PT-2021-3729 · Red Hat · Openshift

Name of the Vulnerable Software and Affected Versions: OpenShift versions prior to 4.8 Description: The issue is related to the generated certificate for the in-cluster Service CA in OpenShift, which incorrectly includes additional certificates. This allows an attacker that compromises any of the...

openshift: Injected service-ca.crt incorrectly contains additional internal CAs

It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificate...

CVE-2021-31921

Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a gateway is configured with AUTOPASSTHROUGH routing configuration...

Authentication flaw

A vulnerability in Cisco Digital Network Architecture DNA Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could...

CVE-2019-1848 Cisco DNA Center Authentication Bypass Vulnerability

A vulnerability in Cisco Digital Network Architecture DNA Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could...

CVE-2007-3775

CVE-2007-3775 affects Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS). The available documents describe an unspecified vulnerability that allows remote attackers to cause a denial of service (loss of cluster services). The exact vulnerable comp...