7 matches found
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.12.58 CNF vRAN extras security update
An update for ztp-site-generate-container, topology-aware-lifecycle-manager and bare-metal-event-relay is now available for Red Hat OpenShift Container Platform 4.12. This release includes a security update for CVE-2023-30841 topology-aware-lifecycle-manager-operator-container: baremetal-operator...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.0 CNF vRAN extras security update
An update for ztp-site-generate-container, topology-aware-lifecycle-manager and bare-metal-event-relay is now available for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVS...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update
Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...
CVE-2023-30841
A flaw was found in the baremetal-operator, where the ironic and ironic-inspector deployed within the baremetal operator using the included deploy.sh store .htpasswd files as ConfigMaps instead of Secrets. This issue causes the plain-text username and hashed password to be readable by anyone havi...
CVE-2023-30841 Ironic and ironic-inspector deployed within Baremetal Operator may expose as ConfigMaps
Baremetal Operator BMO is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included deploy.sh store their .htpasswd files as ConfigMaps instead of Secrets. This causes the plain-text usernam...
CVE-2023-30841
Baremetal Operator (BMO) pre-0.3.0 stores ironic and ironic-inspector .htpasswd credentials as ConfigMaps, exposing plain-text usernames and hashed passwords to anyone with cluster-wide read access or etcd access. The issue is fixed in BMO release 0.3.0 and via PR #1241. Affected component: Barem...
CVE-2023-30841 Ironic and ironic-inspector deployed within Baremetal Operator may expose as ConfigMaps
Baremetal Operator BMO is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included deploy.sh store their .htpasswd files as ConfigMaps instead of Secrets. This causes the plain-text usernam...