Lucene search
K

7 matches found

RedHat Linux
RedHat Linux
added 2024/06/11 2:52 p.m.37 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.12.58 CNF vRAN extras security update

An update for ztp-site-generate-container, topology-aware-lifecycle-manager and bare-metal-event-relay is now available for Red Hat OpenShift Container Platform 4.12. This release includes a security update for CVE-2023-30841 topology-aware-lifecycle-manager-operator-container: baremetal-operator...

6CVSS6.2AI score0.00191EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2023/10/26 4:29 p.m.36 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.0 CNF vRAN extras security update

An update for ztp-site-generate-container, topology-aware-lifecycle-manager and bare-metal-event-relay is now available for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVS...

7.5CVSS7.1AI score0.99999EPSS
Exploits20References54
RedHat Linux
RedHat Linux
added 2023/05/17 10:30 p.m.51 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update

Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...

9.1CVSS7AI score0.05994EPSS
Exploits9References909
RedhatCVE
RedhatCVE
added 2023/04/27 8:51 a.m.130 views

CVE-2023-30841

A flaw was found in the baremetal-operator, where the ironic and ironic-inspector deployed within the baremetal operator using the included deploy.sh store .htpasswd files as ConfigMaps instead of Secrets. This issue causes the plain-text username and hashed password to be readable by anyone havi...

6CVSS5.6AI score0.00191EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/04/26 6:24 p.m.5 views

CVE-2023-30841 Ironic and ironic-inspector deployed within Baremetal Operator may expose as ConfigMaps

Baremetal Operator BMO is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included deploy.sh store their .htpasswd files as ConfigMaps instead of Secrets. This causes the plain-text usernam...

6CVSS5.9AI score0.00191EPSS
Exploits1References2
CVE
CVE
added 2023/04/26 6:24 p.m.189 views

CVE-2023-30841

Baremetal Operator (BMO) pre-0.3.0 stores ironic and ironic-inspector .htpasswd credentials as ConfigMaps, exposing plain-text usernames and hashed passwords to anyone with cluster-wide read access or etcd access. The issue is fixed in BMO release 0.3.0 and via PR #1241. Affected component: Barem...

6CVSS5.9AI score0.00191EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/04/26 6:24 p.m.59 views

CVE-2023-30841 Ironic and ironic-inspector deployed within Baremetal Operator may expose as ConfigMaps

Baremetal Operator BMO is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included deploy.sh store their .htpasswd files as ConfigMaps instead of Secrets. This causes the plain-text usernam...

6CVSS6.1AI score0.00191EPSS
Exploits1References2
Rows per page
Query Builder