Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:2431
HistoryJul 01, 2021 - 11:55 p.m.

(RHSA-2021:2431) Important: OpenShift Container Platform 4.5.41 security update

2021-07-0123:55:11
access.redhat.com
66

0.028 Low

EPSS

Percentile

90.8%

JSON

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.5.41. See the following advisory for the container images for
this release:

https://access.redhat.com/errata/RHSA-2021:2430

Security Fix(es):

  • jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks. (CVE-2021-21642)

  • jetty: local temporary directory hijacking vulnerability (CVE-2020-27216)

  • jetty: buffer not correctly recycled in Gzip Request inflation (CVE-2020-27218)

  • jetty: request containing multiple Accept headers with a large number of “quality” parameters may lead to DoS (CVE-2020-27223)

  • jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints. (CVE-2021-21643)

  • jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. (CVE-2021-21644)

  • jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints. (CVE-2021-21645)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Placeholder bug for OCP 4.5.41 rpm release (BZ#1972114)
OSVersionArchitecturePackageVersionFilename
RedHat8ppc64leopenshift-clients< 4.5.0-202106011407.p0.git.297a4ac.el8openshift-clients-4.5.0-202106011407.p0.git.297a4ac.el8.ppc64le.rpm
RedHat8noarchpython3-kuryr-kubernetes< 4.5.0-202106011407.p0.git.75cc301.el8python3-kuryr-kubernetes-4.5.0-202106011407.p0.git.75cc301.el8.noarch.rpm
RedHat8s390xopenshift-hyperkube< 4.5.0-202106011407.p0.git.d8ef5ad.el8openshift-hyperkube-4.5.0-202106011407.p0.git.d8ef5ad.el8.s390x.rpm
RedHat7ppc64leopenshift-clients< 4.5.0-202106011407.p0.git.297a4ac.el7openshift-clients-4.5.0-202106011407.p0.git.297a4ac.el7.ppc64le.rpm
RedHat8x86_64openshift-clients< 4.5.0-202106011407.p0.git.297a4ac.el8openshift-clients-4.5.0-202106011407.p0.git.297a4ac.el8.x86_64.rpm
RedHat7noarchopenshift-ansible-test< 4.5.0-202106011407.p0.git.83db419.el7openshift-ansible-test-4.5.0-202106011407.p0.git.83db419.el7.noarch.rpm
RedHat7ppc64leopenshift-hyperkube< 4.5.0-202106011407.p0.git.d8ef5ad.el7openshift-hyperkube-4.5.0-202106011407.p0.git.d8ef5ad.el7.ppc64le.rpm
RedHat8noarchopenshift-kuryr-cni< 4.5.0-202106011407.p0.git.75cc301.el8openshift-kuryr-cni-4.5.0-202106011407.p0.git.75cc301.el8.noarch.rpm
RedHat7x86_64openshift-clients< 4.5.0-202106011407.p0.git.297a4ac.el7openshift-clients-4.5.0-202106011407.p0.git.297a4ac.el7.x86_64.rpm
RedHat7s390xopenshift-hyperkube< 4.5.0-202106011407.p0.git.d8ef5ad.el7openshift-hyperkube-4.5.0-202106011407.p0.git.d8ef5ad.el7.s390x.rpm
Rows per page:
1-10 of 281

Related

nessus 15
redhat 15
redhatcve 7
veracode 7
ibm 33
prion 7
cvelist 7
checkpoint_advisories 2
osv 21
github 7
cve 7
alpinelinux 4
nvd 7
ubuntucve 3
openvas 11
f5 1
debiancve 3
githubexploit 1
suse 1
debian 3
oracle 5
nessus
nessus
RHEL 7 : OpenShift Container Platform 4.5.41 (RHSA-2021:2431)
2021-07-02 00:00:00
RHEL 7 : OpenShift Container Platform 3.11.462 (RHSA-2021:2517)
2021-07-01 00:00:00
RHEL 8 : OpenShift Container Platform 4.6.36 (RHSA-2021:2499)
2021-06-29 00:00:00
redhat
redhat
(RHSA-2021:2517) Important: OpenShift Container Platform 3.11.462 bug fix and security update
2021-06-30 15:09:46
(RHSA-2021:2122) Important: OpenShift Container Platform 4.7.13 packages and security update
2021-06-01 03:31:35
(RHSA-2021:2499) Moderate: OpenShift Container Platform 4.6.36 security update
2021-06-29 05:50:19
redhatcve
redhatcve
CVE-2021-21645
2021-04-21 16:44:56
CVE-2021-21643
2021-04-21 19:21:15
CVE-2021-21642
2021-04-21 19:19:51
veracode
veracode
Information Disclosure
2021-06-08 12:38:33
XML External Entity (XXE)
2021-06-08 12:38:31
Cross-Site Request Forgery (CSRF)
2021-06-08 12:38:32
ibm
ibm
Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure External Authentication Server
2021-07-30 05:06:11
Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure Proxy
2021-07-30 05:06:05
Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Performance Tester (CVE-2020-27216)
2021-01-25 11:28:26
prion
prion
Xxe
2021-04-21 15:15:00
Design/Logic Flaw
2021-04-21 15:15:00
Cross site request forgery (csrf)
2021-04-21 15:15:00
cvelist
cvelist
CVE-2021-21642
2021-04-21 14:20:28
CVE-2021-21645
2021-04-21 14:20:33
CVE-2021-21644
2021-04-21 14:20:31
checkpoint_advisories
checkpoint_advisories
Jenkins Config File Provider Plugin External Entity Injection (CVE-2021-21642)
2022-11-20 00:00:00
Eclipse Jetty Denial Of Service (CVE-2020-27223)
2021-04-05 00:00:00
osv
osv
CSRF vulnerability in Jenkins Config File Provider Plugin allows deleting configuration files
2022-05-24 17:48:05
Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs
2022-05-24 17:48:06
Missing permission checks in Jenkins Config File Provider Plugin allow enumerating configuration file IDs
2022-05-24 17:48:06
github
github
Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs
2022-05-24 17:48:06
Missing permission checks in Jenkins Config File Provider Plugin allow enumerating configuration file IDs
2022-05-24 17:48:06
XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin
2022-05-24 17:48:06
cve
cve
CVE-2021-21645
2021-04-21 15:15:08
CVE-2021-21642
2021-04-21 15:15:08
CVE-2021-21644
2021-04-21 15:15:08
alpinelinux
alpinelinux
CVE-2021-21642
2021-04-21 15:15:08
CVE-2021-21645
2021-04-21 15:15:08
CVE-2021-21644
2021-04-21 15:15:08
nvd
nvd
CVE-2021-21645
2021-04-21 15:15:08
CVE-2021-21642
2021-04-21 15:15:08
CVE-2021-21643
2021-04-21 15:15:08
ubuntucve
ubuntucve
CVE-2020-27216
2020-10-23 00:00:00
CVE-2020-27223
2021-02-26 00:00:00
CVE-2020-27218
2020-11-28 00:00:00
openvas
openvas
Eclipse Jetty DoS Vulnerability (GHSA-m394-8rww-3jr7) - Linux
2021-03-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:0940-1)
2021-06-09 00:00:00
Eclipse Jetty DoS Vulnerability (GHSA-m394-8rww-3jr7) - Windows
2021-03-02 00:00:00
f5
f5
K18484125 : Eclipse Jetty vulnerability CVE-2020-27216
2022-05-18 00:00:00
debiancve
debiancve
CVE-2020-27216
2020-10-23 13:15:16
CVE-2020-27223
2021-02-26 22:15:19
CVE-2020-27218
2020-11-28 01:15:11
githubexploit
githubexploit
Exploit for Uncontrolled Resource Consumption in Eclipse Jetty
2021-03-19 03:50:45
suse
suse
Security update for jetty-minimal (moderate)
2021-01-04 00:00:00
debian
debian
[SECURITY] [DSA 4949-1] jetty9 security update
2021-08-04 21:52:09
[SECURITY] [DLA 3641-1] jetty9 security update
2023-10-30 20:10:54
[SECURITY] [DLA 2661-1] jetty9 security update
2021-05-14 13:28:53
oracle
oracle
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00

0.028 Low

EPSS

Percentile

90.8%

JSON
Related for RHSA-2021:2431
nessus15redhat15redhatcve7veracode7ibm33prion7cvelist7checkpoint_advisories2osv21github7cve7alpinelinux4nvd7ubuntucve3openvas11f51debiancve3githubexploit1suse1debian3oracle5