wid-sec-w-2024-0947
Vulnerability from csaf_certbund
Published
2024-04-22 22:00
Modified
2024-10-30 23:00
Summary
Red Hat OpenShift: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein entfernter authentifizierter Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter authentifizierter Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0947 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0947.json" }, { "category": "self", "summary": "WID-SEC-2024-0947 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0947" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2024-04-22", "url": "https://access.redhat.com/errata/RHSA-2024:1946" }, { "category": "external", "summary": "Red Hat Bugzilla \u2013 Bug 2268854", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268854" }, { "category": "external", "summary": "Red Hat Bugzilla \u2013 Bug 2269576", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2639 vom 2024-05-01", "url": "https://access.redhat.com/errata/RHSA-2024:2639" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2549 vom 2024-04-30", "url": "https://access.redhat.com/errata/RHSA-2024:2549" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2047 vom 2024-05-02", "url": "https://access.redhat.com/errata/RHSA-2024:2049" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2054 vom 2024-05-02", "url": "https://access.redhat.com/errata/RHSA-2024:2054" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2071 vom 2024-05-02", "url": "https://access.redhat.com/errata/RHSA-2024:2071" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-2549 vom 2024-05-07", "url": "https://linux.oracle.com/errata/ELSA-2024-2549.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2669 vom 2024-05-09", "url": "https://access.redhat.com/errata/RHSA-2024:2669" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2672 vom 2024-05-09", "url": "https://access.redhat.com/errata/RHSA-2024:2672" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2776 vom 2024-05-15", "url": "https://access.redhat.com/errata/RHSA-2024:2776" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2773 vom 2024-05-15", "url": "https://access.redhat.com/errata/RHSA-2024:2773" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2784 vom 2024-05-16", "url": "https://access.redhat.com/errata/RHSA-2024:2784" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2865 vom 2024-05-21", "url": "https://access.redhat.com/errata/RHSA-2024:2865" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3254 vom 2024-05-22", "url": "https://access.redhat.com/errata/RHSA-2024:3254" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2869 vom 2024-05-23", "url": "https://access.redhat.com/errata/RHSA-2024:2869" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2877 vom 2024-05-23", "url": "https://access.redhat.com/errata/RHSA-2024:2877" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3349 vom 2024-05-30", "url": "https://access.redhat.com/errata/RHSA-2024:3351" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3349 vom 2024-05-30", "url": "https://access.redhat.com/errata/RHSA-2024:3349" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3327 vom 2024-05-29", "url": "https://access.redhat.com/errata/RHSA-2024:3327" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-3254 vom 2024-06-01", "url": "https://linux.oracle.com/errata/ELSA-2024-3254.html" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2024-C95D3199C5 vom 2024-06-03", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-c95d3199c5" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-EPEL-2024-1BEAA94D86 vom 2024-06-03", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-1beaa94d86" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3550 vom 2024-06-03", "url": "https://access.redhat.com/errata/RHSA-2024:3550" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3523 vom 2024-06-10", "url": "https://access.redhat.com/errata/RHSA-2024:3523" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3827 vom 2024-06-11", "url": "https://access.redhat.com/errata/RHSA-2024:3827" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-3826 vom 2024-06-12", "url": "https://linux.oracle.com/errata/ELSA-2024-3826.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-3827 vom 2024-06-12", "url": "https://linux.oracle.com/errata/ELSA-2024-3827.html" }, { "category": "external", "summary": "Rocky Linux Security Advisory RLSA-2024:3827 vom 2024-06-14", "url": "https://errata.build.resf.org/RLSA-2024:3827" }, { "category": "external", "summary": "Rocky Linux Security Advisory RLSA-2024:3826 vom 2024-06-14", "url": "https://errata.build.resf.org/RLSA-2024:3826" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3968 vom 2024-06-18", "url": "https://access.redhat.com/errata/RHSA-2024:3968" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-3968 vom 2024-06-19", "url": "https://linux.oracle.com/errata/ELSA-2024-3968.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3989 vom 2024-06-20", "url": "https://access.redhat.com/errata/RHSA-2024:3989" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4028 vom 2024-06-20", "url": "https://access.redhat.com/errata/RHSA-2024:4028" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4041 vom 2024-06-26", "url": "https://access.redhat.com/errata/RHSA-2024:4041" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4006 vom 2024-06-27", "url": "https://access.redhat.com/errata/RHSA-2024:4006" }, { "category": "external", "summary": "Rocky Linux Security Advisory RLSA-2024:3968 vom 2024-07-02", "url": "https://errata.build.resf.org/RLSA-2024:3968" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2024-BD8FE42929 vom 2024-07-06", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-bd8fe42929" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4484 vom 2024-07-17", "url": "https://access.redhat.com/errata/RHSA-2024:4484" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4455 vom 2024-07-29", "url": "https://access.redhat.com/errata/RHSA-2024:4455" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASDOCKER-2024-041 vom 2024-08-13", "url": "https://alas.aws.amazon.com/AL2/ALASDOCKER-2024-041.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:6209 vom 2024-09-03", "url": "https://access.redhat.com/errata/RHSA-2024:6209" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:7164 vom 2024-09-26", "url": "https://access.redhat.com/errata/RHSA-2024:7164" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:8229 vom 2024-10-23", "url": "https://access.redhat.com/errata/RHSA-2024:8229" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:8235 vom 2024-10-23", "url": "https://access.redhat.com/errata/RHSA-2024:8235" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:8677 vom 2024-10-30", "url": "https://access.redhat.com/errata/RHSA-2024:8677" } ], "source_lang": "en-US", "title": "Red Hat OpenShift: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-10-30T23:00:00.000+00:00", "generator": { "date": "2024-10-31T09:15:05.484+00:00", "engine": { "name": "BSI-WID", "version": "1.3.8" } }, "id": "WID-SEC-W-2024-0947", "initial_release_date": "2024-04-22T22:00:00.000+00:00", "revision_history": [ { "date": "2024-04-22T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-05-01T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-05-02T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-05-07T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2024-05-09T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-05-15T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-05-16T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-05-20T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-05-21T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-05-22T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-05-23T22:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-05-30T22:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-06-02T22:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2024-06-03T22:00:00.000+00:00", "number": "14", "summary": "Neue Updates von Fedora und Red Hat aufgenommen" }, { "date": "2024-06-10T22:00:00.000+00:00", "number": "15", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-06-11T22:00:00.000+00:00", "number": "16", "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen" }, { "date": "2024-06-16T22:00:00.000+00:00", "number": "17", "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen" }, { "date": "2024-06-17T22:00:00.000+00:00", "number": "18", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-06-18T22:00:00.000+00:00", "number": "19", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2024-06-19T22:00:00.000+00:00", "number": "20", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-06-20T22:00:00.000+00:00", "number": "21", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-06-26T22:00:00.000+00:00", "number": "22", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-07-02T22:00:00.000+00:00", "number": "23", "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen" }, { "date": "2024-07-07T22:00:00.000+00:00", "number": "24", "summary": "Neue Updates von Fedora aufgenommen" }, { "date": "2024-07-16T22:00:00.000+00:00", "number": "25", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-07-29T22:00:00.000+00:00", "number": "26", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-08-13T22:00:00.000+00:00", "number": "27", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2024-09-03T22:00:00.000+00:00", "number": "28", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-09-25T22:00:00.000+00:00", "number": "29", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-10-22T22:00:00.000+00:00", "number": "30", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-10-23T22:00:00.000+00:00", "number": "31", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-10-30T23:00:00.000+00:00", "number": "32", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "32" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Fedora Linux", "product": { "name": "Fedora Linux", "product_id": "74185", "product_identification_helper": { "cpe": "cpe:/o:fedoraproject:fedora:-" } } } ], "category": "vendor", "name": "Fedora" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "RESF Rocky Linux", "product": { "name": "RESF Rocky Linux", "product_id": "T032255", "product_identification_helper": { "cpe": "cpe:/o:resf:rocky_linux:-" } } } ], "category": "vendor", "name": "RESF" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "branches": [ { "category": "product_version_range", "name": "Service Mesh Containers \u003c2.5.1", "product": { "name": "Red Hat OpenShift Service Mesh Containers \u003c2.5.1", "product_id": "T034345" } }, { "category": "product_version", "name": "Service Mesh Containers 2.5.1", "product": { "name": "Red Hat OpenShift Service Mesh Containers 2.5.1", "product_id": "T034345-fixed", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:service_mesh_containers__2.5.1" } } }, { "category": "product_version_range", "name": "Container Platform \u003c4.15.12", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.15.12", "product_id": "T034661" } }, { "category": "product_version", "name": "Container Platform 4.15.12", "product": { "name": "Red Hat OpenShift Container Platform 4.15.12", "product_id": "T034661-fixed", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.15.12" } } }, { "category": "product_version_range", "name": "Container Platform \u003c4.14.24", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.14.24", "product_id": "T034662" } }, { "category": "product_version", "name": "Container Platform 4.14.24", "product": { "name": "Red Hat OpenShift Container Platform 4.14.24", "product_id": "T034662-fixed", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.14.24" } } }, { "category": "product_version_range", "name": "Container Platform \u003c4.15.14", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.15.14", "product_id": "T034932" } }, { "category": "product_version", "name": "Container Platform 4.15.14", "product": { "name": "Red Hat OpenShift Container Platform 4.15.14", "product_id": "T034932-fixed", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.15.14" } } }, { "category": "product_version_range", "name": "Container Platform \u003c4.14.26", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.14.26", "product_id": "T035037" } }, { "category": "product_version", "name": "Container Platform 4.14.26", "product": { "name": "Red Hat OpenShift Container Platform 4.14.26", "product_id": "T035037-fixed", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.14.26" } } }, { "category": "product_version_range", "name": "Container Platform \u003c4.13.42", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.13.42", "product_id": "T035048" } }, { "category": "product_version", "name": "Container Platform 4.13.42", "product": { "name": "Red Hat OpenShift Container Platform 4.13.42", "product_id": "T035048-fixed", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.13.42" } } }, { "category": "product_version_range", "name": "Container Platform \u003c4.17.2", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.17.2", "product_id": "T038527" } }, { "category": "product_version", "name": "Container Platform 4.17.2", "product": { "name": "Red Hat OpenShift Container Platform 4.17.2", "product_id": "T038527-fixed", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.17.2" } } } ], "category": "product_name", "name": "OpenShift" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-28180", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Red Hat OpenShift. Dieser Fehler besteht in der Jose-Komponente des Service Mesh Containers aufgrund eines unsachgem\u00e4\u00dfen Umgangs mit stark komprimierten Daten, die es erm\u00f6glichen, Anmeldedaten einzusehen. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T034932", "67646", "T038527", "398363", "T004914", "T034345", "T032255", "T035037", "T035048", "74185", "T034662", "T034661" ] }, "release_date": "2024-04-22T22:00:00.000+00:00", "title": "CVE-2024-28180" }, { "cve": "CVE-2024-28849", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Red Hat OpenShift. Dieser Fehler besteht im follow-redirects-Paket des Service Mesh Containers aufgrund eines fehlenden Clearing-Prozesses, der es erm\u00f6glicht, eine JWE mit komprimierten Daten zu senden, die gro\u00dfe Mengen an Speicher und CPU verbraucht. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen." } ], "product_status": { "known_affected": [ "T034932", "67646", "T038527", "398363", "T004914", "T034345", "T032255", "T035037", "T035048", "74185", "T034662", "T034661" ] }, "release_date": "2024-04-22T22:00:00.000+00:00", "title": "CVE-2024-28849" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.