Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:1499
HistoryMay 04, 2021 - 2:45 p.m.

(RHSA-2021:1499) Moderate: Red Hat Advanced Cluster Management 2.2.3 security and bug fix update

2021-05-0414:45:35
access.redhat.com
89
red hat advanced cluster management
kubernetes
security
bug fix
cve
release notes
nodejs-underscore
nodejs-netmask
nodejs-glob-parent
nodejs-is-svg
bz#1936883
bz#1943092
bz#1949103
bz#1951384

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.08

Percentile

94.4%

JSON

Red Hat Advanced Cluster Management for Kubernetes 2.2.3 images

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to
address common challenges that administrators and site reliability engineers
face as they work across a range of public and private cloud environments.
Clusters and applications are all visible and managed from a single consoleโ€”with
security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which fix several bugs and security issues. See the
following Release Notes documentation, which will be updated shortly for this
release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/

Security fixes:

  • nodejs-underscore: Arbitrary code execution via the template function (CVE-2021-23358)

  • nodejs-netmask: improper input validation of octal input data (CVE-2021-28918)

  • nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)

  • nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)

  • nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
pages listed in the References section.

Bug fixes:

  • ACM UI is not escaping cluster names (BZ# 1936883)

  • specify โ€œfolder:โ€ for vsphere cluster creation result empty namespace ,no hive (BZ# 1943092)

  • RHACM 2.2.3 images (BZ# 1949103)

  • Applications wonโ€™t create properly on native K8S cluster (BZ# 1951384)

Related

osv 19
redhatcve 6
cvelist 6
cve 6
f5 2
nvd 6
veracode 7
github 5
prion 6
nessus 41
redhat 10
nodejs 3
ibm 11
nuclei 1
malwarebytes 1
openvas 17
atlassian 10
suse 2
fedora 3
debiancve 3
ubuntucve 3
mageia 1
githubexploit 1
debian 2
vulnrichment 1
ubuntu 3
oraclelinux 2
alpinelinux 1
altlinux 2
redos 7
cbl_mariner 1
rocky 1
amazon 1
slackware 1
cloudfoundry 1
almalinux 1
centos 1
photon 1
gentoo 1
hackerone 1
tenable 1
osv
osv
Improper parsing of octal bytes in netmask
2021-04-14 15:03:16
CVE-2021-28918
2021-04-01 13:15:14
CVE-2021-29418
2021-03-30 07:15:13
redhatcve
redhatcve
CVE-2021-29418
2021-03-30 17:56:56
CVE-2021-28918
2021-03-30 18:27:42
CVE-2021-28092
2021-03-15 16:32:10
cvelist
cvelist
CVE-2021-29418
2021-03-30 06:08:00
CVE-2021-28092
2021-03-12 21:31:35
CVE-2021-28918
2021-04-01 12:33:50
cve
cve
CVE-2021-29418
2021-03-30 07:15:13
CVE-2021-28918
2021-04-01 13:15:14
CVE-2021-28092
2021-03-12 22:15:14
f5
f5
K25521404 : Node.js netmask vulnerability CVE-2021-28918 and CVE-2021-29418
2021-04-05 00:00:00
K33101555 : Nettle cryptography library vulnerability CVE-2021-20305
2021-06-08 00:00:00
nvd
nvd
CVE-2021-29418
2021-03-30 07:15:13
CVE-2021-28918
2021-04-01 13:15:14
CVE-2021-28092
2021-03-12 22:15:14
veracode
veracode
Server-Side Request Forgery (SSRF)
2021-03-31 02:12:59
Server-Side Request Forgery (SSRF)
2021-03-31 00:33:39
Regular Expression Denial Of Service (ReDoS)
2021-03-15 06:24:10
github
github
Improper parsing of octal bytes in netmask
2021-04-14 15:03:16
netmask npm package mishandles octal input data
2021-03-29 21:32:05
Regular Expression Denial of Service (ReDoS)
2021-03-19 21:25:50
prion
prion
Improper access control
2021-03-30 07:15:00
Input validation
2021-04-01 13:15:00
Design/Logic Flaw
2021-03-12 22:15:00
nessus
nessus
RHEL 8 : RHV Manager (ovirt-engine) security update [ovirt-4.4.7] (Moderate) (RHSA-2021:2865)
2021-07-22 00:00:00
RHEL 8 : cockpit-ovirt (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 8 : nodejs-glob-parent (Unpatched Vulnerability)
2024-05-11 00:00:00
redhat
redhat
(RHSA-2021:2865) Moderate: RHV Manager (ovirt-engine) security update [ovirt-4.4.7]
2021-07-22 14:06:26
(RHSA-2021:1246) Important: gnutls and nettle security update
2021-04-19 11:27:37
(RHSA-2021:2760) Important: nettle security update
2021-07-19 07:31:57
nodejs
nodejs
netmask npm package vulnerable to octal input data
2021-03-29 21:35:07
Regular expression denial of service
2021-06-07 21:57:10
Arbitrary Code Execution
2021-05-06 16:14:45
ibm
ibm
Security Bulletin: A security vulnerability in Node.js netmask module affects IBM Cloud Automation Manager
2021-05-19 17:16:39
Security Bulletin: A security vulnerability in Node.js netmask module affects IBM Cloud Pak for Multicloud Management Managed Service
2021-05-19 17:05:04
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability - Underscore.js (CVE-2021-23358)
2021-12-15 08:11:30
nuclei
nuclei
Netmask NPM Package - Server-Side Request Forgery
2021-07-06 06:50:43
malwarebytes
malwarebytes
The npm netmask vulnerability explained so you can actually understand it
2021-03-31 12:28:16
openvas
openvas
Debian: Security Advisory (DSA-4883-1)
2021-04-03 00:00:00
Debian: Security Advisory (DLA-2613-1)
2021-04-01 00:00:00
Ubuntu: Security Advisory (USN-4913-2)
2022-01-28 00:00:00
atlassian
atlassian
Mobile web: upgrade Underscore.js to 1.13.1 or higher
2022-07-04 00:08:49
CVE-2021-23358 - Need to upgrade Underscore.js to 1.13.1 or higher
2021-06-02 16:03:32
CVE-2021-23358 - Need to upgrade Underscore.js to 1.13.1 or higher
2021-10-21 11:57:11
suse
suse
Security update for nodejs-underscore (important)
2021-04-23 00:00:00
Security update for libnettle (important)
2021-05-01 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: nodejs-underscore-1.13.1-1.fc33
2021-08-24 01:05:31
[SECURITY] Fedora 34 Update: nodejs-underscore-1.13.1-1.fc34
2021-08-24 03:33:12
[SECURITY] Fedora 33 Update: gnutls-3.6.16-1.fc33
2021-06-01 01:06:08
debiancve
debiancve
CVE-2020-28469
2021-06-03 16:15:07
CVE-2021-23358
2021-03-29 14:15:18
CVE-2021-20305
2021-04-05 22:15:12
ubuntucve
ubuntucve
CVE-2020-28469
2021-06-03 00:00:00
CVE-2021-23358
2021-03-29 00:00:00
CVE-2021-20305
2021-04-05 00:00:00
mageia
mageia
Updated puddletag packages fix security vulnerability
2021-06-18 22:24:28
githubexploit
githubexploit
Exploit for Code Injection in Underscorejs Underscore
2023-02-25 19:12:13
debian
debian
[SECURITY] [DSA 4883-1] underscore security update
2021-04-01 19:56:52
[SECURITY] [DLA 2613-1] underscore security update
2021-03-31 21:27:11
vulnrichment
vulnrichment
CVE-2021-23358 Arbitrary Code Injection
2021-03-29 13:15:34
ubuntu
ubuntu
Underscore vulnerability
2021-04-28 00:00:00
Underscore vulnerability
2021-04-14 00:00:00
Nettle vulnerability
2021-04-13 00:00:00
oraclelinux
oraclelinux
gnutls and nettle security update
2021-04-16 00:00:00
nettle security update
2021-04-09 00:00:00
alpinelinux
alpinelinux
CVE-2021-20305
2021-04-05 22:15:12
altlinux
altlinux
Security fix for the ALT Linux 9 package gnutls30 version 3.6.16-alt1
2021-06-09 00:00:00
Security fix for the ALT Linux 10 package gnutls30 version 3.6.16-alt1
2021-05-31 00:00:00
redos
redos
ROS-2-830
2021-09-08 00:00:00
ROS-2-583
2023-07-06 00:00:00
ROS-2-500
2021-09-08 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-20305 affecting package nettle 3.4.1-2
2021-05-06 23:56:43
rocky
rocky
gnutls and nettle security update
2021-04-14 20:07:45
amazon
amazon
Important: nettle
2021-04-20 17:55:00
slackware
slackware
[slackware-security] gnutls
2021-05-25 18:17:19
cloudfoundry
cloudfoundry
USN-4906-1: Nettle vulnerability | Cloud Foundry
2021-04-29 00:00:00
almalinux
almalinux
Important: gnutls and nettle security update
2021-04-14 20:07:45
centos
centos
nettle security update
2021-04-16 20:23:43
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0339
2021-04-21 00:00:00
gentoo
gentoo
Nettle: Denial of service
2021-05-26 00:00:00
hackerone
hackerone
Node.js: Unexpected input validation of octal literals in nodejs v15.12.0 and below returns defined values for all undefined octal literals.
2021-03-30 14:26:29
tenable
tenable
[R2] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities
2021-07-22 18:11:52

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.08

Percentile

94.4%

JSON
Related for RHSA-2021:1499
osv19redhatcve6cvelist6cve6f52nvd6veracode7github5prion6nessus41redhat10nodejs3ibm11nuclei1malwarebytes1openvas17atlassian10suse2fedora3debiancve3ubuntucve3mageia1githubexploit1debian2vulnrichment1ubuntu3oraclelinux2alpinelinux1altlinux2redos7cbl_mariner1rocky1amazon1slackware1cloudfoundry1almalinux1centos1photon1gentoo1hackerone1tenable1