14 matches found
EUVD-2020-28941
Malware in sbrugna...
SUSE CVE-2020-8029
A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/skuba/pull/1416...
SUSE CVE-2020-8030
A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster...
CVE-2020-8029
A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/skuba/pull/1416...
CVE-2020-8029
A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/skuba/pull/1416...
CVE-2020-8030
A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster...
Design/Logic Flaw
A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster...
Design/Logic Flaw
A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/skuba/pull/1416...
CVE-2020-8030 skuba: Insecure /tmp usage when joining node to cluster
A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster...
CVE-2020-8030
CVE-2020-8030 affects SUSE CaaS Platform 4.5, specifically the scuba/skuba join workflow that uses insecure temporary files in /tmp. The root cause is insecure handling of temporary files, enabling a local attacker to leak the bootstrapToken or modify the configuration file before it is processed...
CVE-2020-8029
The CVE-2020-8029 entry concerns SUSE CaaS Platform 4.5 where the skuba component permits an Incorrect Permission Assignment for a Critical Resource, enabling local attackers to access the kublet key. Affected versions are skuba prior to the patch referenced by SUSE’s pull request #1416 (https://...
CVE-2020-8029 skuba: Insecure handling of private key
A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/skuba/pull/1416...
SUSE-SU-2020:3760-1 Security changes in Kubernetes, etcd, and helm; Bugfix in cri-o package
= Required Actions == Kubernetes & etcd Security fixes This fix involves an upgrade of Kubernetes and some add-ons. See https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/clusterupdates.htmlupdatingkubernetescomponents for the upgrade procedure. == Skuba & helm/helm3 In order to updat...
SUSE-RU-2020:2204-1 Bugfixes on cilium, gangway and skuba and security fix for Kubernetes (cve-2020-8557)
= Required Actions == Kubernetes Security fix This fix will be applied to the kubelet daemon running on the nodes by skuba-update. See https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/clusterupdates.htmlbaseosupdates for more details. Make sure you look at the Release Notes...