Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:1420
HistoryApr 27, 2022 - 7:30 a.m.

(RHSA-2022:1420) Important: OpenShift Container Platform 3.11.685 security and bug fix update

2022-04-2707:30:47
access.redhat.com
59
red hat
openshift
security fixes
rpm packages
cve-2022-25173
cve-2022-25174
cve-2022-25175
cve-2022-25181
cve-2022-25182
cve-2022-25183
cve-2021-43859
cve-2022-25176
cve-2022-25177
cve-2022-25178
cve-2022-25179
cve-2022-25180
cve-2022-25184

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.015

Percentile

87.1%

JSON

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 3.11.685. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2022:1421

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html

Security Fix(es):

  • workflow-cps: OS command execution through crafted SCM contents (CVE-2022-25173)

  • workflow-cps-global-lib: OS command execution through crafted SCM contents (CVE-2022-25174)

  • workflow-multibranch: OS command execution through crafted SCM contents (CVE-2022-25175)

  • workflow-cps-global-lib: Sandbox bypass vulnerability (CVE-2022-25181)

  • workflow-cps-global-lib: Sandbox bypass vulnerability (CVE-2022-25182)

  • workflow-cps-global-lib: Sandbox bypass vulnerability (CVE-2022-25183)

  • xstream: Injecting highly recursive collections or maps can cause a DoS (CVE-2021-43859)

  • workflow-cps: Pipeline-related plugins follow symbolic links or do not limit path names (CVE-2022-25176)

  • workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names (CVE-2022-25177)

  • workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names (CVE-2022-25178)

  • workflow-multibranch: Pipeline-related plugins follow symbolic links or do not limit path names (CVE-2022-25179)

  • workflow-cps: Password parameters are included from the original build in replayed builds (CVE-2022-25180)

  • pipeline-build-step: Password parameter default values exposed (CVE-2022-25184)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7x86_64atomic-openshift-node< 3.11.685-1.git.0.7faaeaa.el7atomic-openshift-node-3.11.685-1.git.0.7faaeaa.el7.x86_64.rpm
RedHat7x86_64atomic-openshift-tests< 3.11.685-1.git.0.7faaeaa.el7atomic-openshift-tests-3.11.685-1.git.0.7faaeaa.el7.x86_64.rpm
RedHat7ppc64leatomic-openshift-hyperkube< 3.11.685-1.git.0.7faaeaa.el7atomic-openshift-hyperkube-3.11.685-1.git.0.7faaeaa.el7.ppc64le.rpm
RedHat7x86_64atomic-openshift-template-service-broker< 3.11.685-1.git.0.7faaeaa.el7atomic-openshift-template-service-broker-3.11.685-1.git.0.7faaeaa.el7.x86_64.rpm
RedHat7x86_64atomic-enterprise-service-catalog< 3.11.685-1.g2e6be86.el7atomic-enterprise-service-catalog-3.11.685-1.g2e6be86.el7.x86_64.rpm
RedHat7x86_64atomic-openshift-clients< 3.11.685-1.git.0.7faaeaa.el7atomic-openshift-clients-3.11.685-1.git.0.7faaeaa.el7.x86_64.rpm
RedHat7x86_64atomic-openshift-descheduler< 3.11.685-1.gd435537.el7atomic-openshift-descheduler-3.11.685-1.gd435537.el7.x86_64.rpm
RedHat7x86_64atomic-openshift-service-idler< 3.11.685-1.g39cfc66.el7atomic-openshift-service-idler-3.11.685-1.g39cfc66.el7.x86_64.rpm
RedHat7x86_64atomic-openshift-hypershift< 3.11.685-1.git.0.7faaeaa.el7atomic-openshift-hypershift-3.11.685-1.git.0.7faaeaa.el7.x86_64.rpm
RedHat7ppc64leatomic-openshift-hypershift< 3.11.685-1.git.0.7faaeaa.el7atomic-openshift-hypershift-3.11.685-1.git.0.7faaeaa.el7.ppc64le.rpm
Rows per page:
1-10 of 631

Related

redhat 8
nessus 17
osv 19
cnvd 5
redhatcve 14
cve 14
prion 14
veracode 14
github 14
nvd 14
cvelist 14
alpinelinux 12
openvas 7
fedora 2
ibm 12
ubuntucve 1
suse 1
debiancve 1
debian 1
freebsd 1
oracle 5
redhat
redhat
(RHSA-2022:1025) Important: OpenShift Container Platform 4.10.6 security update
2022-03-28 11:19:37
(RHSA-2022:1248) Important: OpenShift Container Platform 4.7.48 packages and security update
2022-04-13 13:30:44
(RHSA-2022:1620) Important: OpenShift Container Platform 4.6.57 packages and security update
2022-05-04 18:11:30
nessus
nessus
RHEL 8 : OpenShift Container Platform 4.7.48 (RHSA-2022:1248)
2022-04-13 00:00:00
RHEL 7 : OpenShift Container Platform 3.11.685 (RHSA-2022:1420)
2022-04-27 00:00:00
RHEL 8 : OpenShift Container Platform 4.10.6 (RHSA-2022:1025)
2022-03-29 00:00:00
osv
osv
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
2022-02-16 00:01:31
Jenkins Pipeline: Multibranch Plugin vulnerable to OS Command Injection
2022-02-16 00:01:36
Password parameter default values exposed by Jenkins Pipeline: Build Step Plugin
2022-02-16 00:01:29
cnvd
cnvd
Jenkins Pipeline Shared Groovy Libraries Plugin Sandbox Bypass Vulnerability
2022-02-17 00:00:00
Jenkins Pipeline Shared Groovy Libraries Plugin Arbitrary File Read Vulnerability
2022-03-04 00:00:00
Jenkins Pipeline Build Step Plugin Information Disclosure Vulnerability
2022-02-17 00:00:00
redhatcve
redhatcve
CVE-2022-25175
2022-02-17 15:20:13
CVE-2022-25179
2022-02-17 16:52:43
CVE-2022-25178
2022-02-17 16:52:36
cve
cve
CVE-2022-25175
2022-02-15 17:15:08
CVE-2022-25182
2022-02-15 17:15:09
CVE-2022-25184
2022-02-15 17:15:09
prion
prion
Design/Logic Flaw
2022-02-15 17:15:00
Design/Logic Flaw
2022-02-15 17:15:00
Design/Logic Flaw
2022-02-15 17:15:00
veracode
veracode
Sandbox Bypass
2022-04-21 00:43:03
OS Command Injection
2022-04-21 00:42:27
Privilege Escalation
2022-04-21 00:42:48
github
github
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
2022-02-16 00:01:31
Link Following in Jenkins Pipeline Multibranch Plugin
2022-02-16 00:01:33
Improper Link Resolution Before File Access in Jenkins Pipeline: Groovy Plugin
2022-02-16 00:01:34
nvd
nvd
CVE-2022-25182
2022-02-15 17:15:09
CVE-2022-25184
2022-02-15 17:15:09
CVE-2022-25181
2022-02-15 17:15:09
cvelist
cvelist
CVE-2022-25184
2022-02-15 16:11:08
CVE-2022-25183
2022-02-15 16:11:07
CVE-2022-25179
2022-02-15 00:00:00
alpinelinux
alpinelinux
CVE-2022-25179
2022-02-15 17:15:08
CVE-2022-25176
2022-02-15 17:15:08
CVE-2022-25182
2022-02-15 17:15:09
openvas
openvas
Fedora: Security Advisory for xstream (FEDORA-2022-983a78275c)
2022-02-12 00:00:00
openSUSE: Security Advisory for xstream (openSUSE-SU-2022:0817-1)
2022-03-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:0817-1)
2022-03-14 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: xstream-1.4.19-1.fc34
2022-02-12 01:16:35
[SECURITY] Fedora 35 Update: xstream-1.4.19-1.fc35
2022-02-12 01:20:20
ibm
ibm
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in XStream
2022-03-30 15:22:38
Security Bulletin: Due to the use of XStream, IBM Tivoli Netcool Configuration Manager is vulnerable to denial of service (CVE-2021-43859)
2023-01-17 16:19:21
Security Bulletin: IBM Engineering Test Management is vulnerable to denial of service due to XStream (CVE-2021-43859)
2023-05-02 07:50:07
ubuntucve
ubuntucve
CVE-2021-43859
2022-02-01 00:00:00
suse
suse
Security update for xstream (moderate)
2022-03-14 00:00:00
debiancve
debiancve
CVE-2021-43859
2022-02-01 12:15:08
debian
debian
[SECURITY] [DLA 2924-1] libxstream-java security update
2022-02-15 21:37:16
freebsd
freebsd
jenkins -- DoS vulnerability in bundled XStream library
2022-02-09 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.015

Percentile

87.1%

JSON
Related for RHSA-2022:1420
redhat8nessus17osv19cnvd5redhatcve14cve14prion14veracode14github14nvd14cvelist14alpinelinux12openvas7fedora2ibm12ubuntucve1suse1debiancve1debian1freebsd1oracle5