Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:1655
HistoryApr 12, 2023 - 11:51 a.m.

(RHSA-2023:1655) Critical: OpenShift Container Platform 4.10.56 security update

2023-04-1211:51:14
access.redhat.com
90
red hat openshift container platform
kubernetes
security update
rpm packages
cve-2022-42889
cve-2022-31690
cve-2022-31692
cve-2023-24422
cve-2023-27898
cve-2023-27899
cve-2022-3172
cve-2023-27903
cve-2023-27904
vulnerabilities
cvss score

0.972 High

EPSS

Percentile

99.8%

JSON

Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.56. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2023:1656

Security Fix(es):

  • apache-commons-text: variable interpolation RCE (CVE-2022-42889)

  • spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)

  • spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security (CVE-2022-31692)

  • jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)

  • Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)

  • Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)

  • kube-apiserver: Aggregated API server can cause clients to be redirected (SSRF) (CVE-2022-3172)

  • Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)

  • Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7x86_64openshift-hyperkube< 4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7openshift-hyperkube-4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64.rpm
RedHat8noarchtoolbox< 0.0.9-1.rhaos4.10.el8toolbox-0.0.9-1.rhaos4.10.el8.noarch.rpm
RedHat8x86_64kernel-rt-debug-modules-extra< 4.18.0-305.85.1.rt7.157.el8_4kernel-rt-debug-modules-extra-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm
RedHat8s390xkernel-zfcpdump-modules-extra< 4.18.0-305.85.1.el8_4kernel-zfcpdump-modules-extra-4.18.0-305.85.1.el8_4.s390x.rpm
RedHat8x86_64kernel-tools< 4.18.0-305.85.1.el8_4kernel-tools-4.18.0-305.85.1.el8_4.x86_64.rpm
RedHat8aarch64kernel-tools-debuginfo< 4.18.0-305.85.1.el8_4kernel-tools-debuginfo-4.18.0-305.85.1.el8_4.aarch64.rpm
RedHat8x86_64kernel-rt-selftests-internal< 4.18.0-305.85.1.rt7.157.el8_4kernel-rt-selftests-internal-4.18.0-305.85.1.rt7.157.el8_4.x86_64.rpm
RedHat8ppc64lecri-o< 1.23.5-8.rhaos4.10.gitcc8441d.el8cri-o-1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le.rpm
RedHat8aarch64haproxy22-debuginfo< 2.2.19-4.el8haproxy22-debuginfo-2.2.19-4.el8.aarch64.rpm
RedHat8ppc64lekernel-debuginfo-common-ppc64le< 4.18.0-305.85.1.el8_4kernel-debuginfo-common-ppc64le-4.18.0-305.85.1.el8_4.ppc64le.rpm
Rows per page:
1-10 of 1791

Related

nessus 25
redhat 6
openvas 11
freebsd 1
osv 24
cve 10
prion 9
github 7
nvd 9
ibm 20
cgr 5
redhatcve 9
githubexploit 15
cvelist 9
spring 2
ubuntucve 4
veracode 4
redos 2
cbl_mariner 2
alpinelinux 5
wolfi 5
debiancve 2
hackerone 1
ubuntu 1
oraclelinux 4
debian 1
f5 1
malwarebytes 1
rapid7blog 1
gentoo 1
atlassian 1
cnvd 1
nessus
nessus
RHCOS 4 : OpenShift Container Platform 4.10.56 (RHSA-2023:1655)
2024-01-24 00:00:00
RHEL 7 / 8 : OpenShift Container Platform 4.10.56 (RHSA-2023:1655)
2024-04-28 00:00:00
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3195)
2024-04-28 00:00:00
redhat
redhat
(RHSA-2023:1656) Moderate: OpenShift Container Platform 4.10.56 security update
2023-04-12 11:40:20
(RHSA-2023:3296) Critical: Multicluster Engine for Kubernetes 2.2.4 security fixes and container updates
2023-05-24 14:14:01
(RHSA-2023:3195) Important: jenkins and jenkins-2-plugins security update
2023-05-17 16:15:17
openvas
openvas
Jenkins < 2.375.4 (LTS), < 2.394 Multiple Vulnerabilities - Windows
2023-03-09 00:00:00
Jenkins < 2.375.4 (LTS), < 2.394 Multiple Vulnerabilities - Linux
2023-03-09 00:00:00
Jenkins XSS Vulnerability (CVE-2023-27898) - Windows
2023-03-09 00:00:00
freebsd
freebsd
jenkins -- multiple vulnerabilities
2023-03-08 00:00:00
osv
osv
CVE-2023-27898
2023-03-10 21:15:15
BIT-jenkins-2023-27899
2024-03-06 10:56:40
spring-security-oauth2-client vulnerable to Privilege Escalation
2022-11-01 12:00:37
cve
cve
CVE-2023-27898
2023-03-10 21:15:15
CVE-2022-31690
2022-10-31 20:15:12
CVE-2023-27899
2023-03-10 21:15:15
prion
prion
Cross site scripting
2023-03-10 21:15:00
Authorization
2022-10-31 20:15:00
Improper access control
2023-02-14 19:15:00
github
github
Incorrect Authorization in Jenkins Core
2023-03-10 21:30:19
Sandbox bypass in Jenkins Script Security Plugin
2023-01-26 21:30:19
Information disclosure through error stack traces related to agents
2023-03-10 21:30:19
nvd
nvd
CVE-2023-27899
2023-03-10 21:15:15
CVE-2022-31690
2022-10-31 20:15:12
CVE-2023-27898
2023-03-10 21:15:15
ibm
ibm
Security Bulletin: Vulnerability in Spring Security affects IBM Process Mining . CVE-2022-31690
2023-05-05 15:10:51
Security Bulletin: Vulnerability in Spring Security affects IBM Process Mining . CVE-2022-31692
2023-05-05 14:47:09
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to security bypass due to Spring Security (CVE-2022-31692)
2023-01-10 10:53:26
cgr
cgr
CVE-2023-27898 vulnerabilities
2024-05-19 03:07:16
CVE-2023-27899 vulnerabilities
2024-05-19 03:07:16
CVE-2023-25725 vulnerabilities
2024-05-19 03:07:16
redhatcve
redhatcve
CVE-2023-27898
2023-03-13 08:42:55
CVE-2022-31692
2023-01-19 05:35:16
CVE-2023-27904
2023-03-13 08:43:25
githubexploit
githubexploit
Exploit for CVE-2022-31692
2023-10-29 17:31:23
Exploit for CVE-2022-31692
2022-11-03 08:35:20
Exploit for CVE-2022-31692
2022-11-03 08:35:20
cvelist
cvelist
CVE-2023-24422
2023-01-24 00:00:00
CVE-2023-27903
2023-03-08 17:14:52
CVE-2023-27899
2023-03-08 17:14:49
spring
spring
CVE-2022-31692: Authorization rules can be bypassed via forward or include in Spring Security
2022-10-31 16:41:00
CVE-2022-31690: Privilege Escalation in spring-security-oauth2-client
2022-10-31 16:41:00
ubuntucve
ubuntucve
CVE-2022-31692
2022-10-31 00:00:00
CVE-2022-31690
2022-10-31 00:00:00
CVE-2022-3172
2023-11-03 00:00:00
veracode
veracode
Authorization Bypass
2022-11-04 07:19:35
Privilege Escalation
2023-02-25 20:47:07
Privilege Escalation
2022-11-04 06:12:45
redos
redos
ROS-20230620-03
2023-06-20 00:00:00
ROS-20230922-01
2023-09-22 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-25725 affecting package haproxy for versions less than 2.4.22-1
2023-03-02 21:45:55
CVE-2023-25725 affecting package haproxy 2.1.5-1
2023-06-27 21:25:25
alpinelinux
alpinelinux
CVE-2023-27898
2023-03-10 21:15:00
CVE-2023-27904
2023-03-10 21:15:00
CVE-2023-27899
2023-03-10 21:15:00
wolfi
wolfi
CVE-2023-27898 vulnerabilities
2024-06-29 09:08:33
CVE-2023-27899 vulnerabilities
2024-06-29 09:08:33
CVE-2023-27904 vulnerabilities
2024-06-29 09:08:33
debiancve
debiancve
CVE-2023-25725
2023-02-14 19:15:11
CVE-2022-3172
2023-11-03 20:15:08
hackerone
hackerone
Kubernetes: SSRF vulnerability can be exploited when a hijacked aggregated api server such as metrics-server returns 30X
2022-04-19 01:33:58
ubuntu
ubuntu
HAProxy vulnerability
2023-02-14 00:00:00
oraclelinux
oraclelinux
kubernetes security update
2022-10-03 00:00:00
kubernetes security update
2022-10-03 00:00:00
kubernetes security update
2022-10-05 00:00:00
debian
debian
[SECURITY] [DLA 3318-1] haproxy security update
2023-02-14 18:04:30
f5
f5
K24823443 : Apache Commons Text vulnerability CVE-2022-42889
2022-10-19 00:00:00
malwarebytes
malwarebytes
Why Log4Text is not another Log4Shell
2022-10-19 19:00:00
rapid7blog
rapid7blog
Rapid7’s Impact from Apache Commons Text Vulnerability (CVE-2022-42889)
2022-11-04 13:00:00
gentoo
gentoo
Apache Commons Text: Arbitrary Code Execution
2023-01-11 00:00:00
atlassian
atlassian
Upgrade Apache Commons-text to mitigate CVE-2022-42889 (excludes bundled OpenSearch)
2022-10-24 22:35:59
cnvd
cnvd
Apache Commons Text remote code execution vulnerability
2022-10-14 00:00:00

0.972 High

EPSS

Percentile

99.8%

JSON
Related for RHSA-2023:1655
nessus25redhat6openvas11freebsd1osv24cve10prion9github7nvd9ibm20cgr5redhatcve9githubexploit15cvelist9spring2ubuntucve4veracode4redos2cbl_mariner2alpinelinux5wolfi5debiancve2hackerone1ubuntu1oraclelinux4debian1f51malwarebytes1rapid7blog1gentoo1atlassian1cnvd1