The safety alert issued for Red Hat OpenShift has obtained an replace from BSI. You can examine which merchandise are affected by the safety hole right here at information.de.
Federal workplace for Security in Information Technology (BSI) issued an replace on May 26, 2024 for a safety vulnerability in Red Hat OpenShift identified on April 16, 2024. The safety vulnerability impacts the Linux working system and the Fedora Linux and Red Hat OpenShift merchandise .
The newest producer suggestions concerning updates, workarounds and safety patches for this vulnerability may be discovered right here: Fedora Security Advisory FEDORA-2024-B8E474FBD3 (From 24 May 2024). Some helpful hyperlinks are listed later on this article.
OpenShift Red Hat Security Advisory – Risk: Moderate
Risk degree: 2 (reasonable)
CVSS Base Score: 5.3
CVSS provisional rating: 4,6
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of safety vulnerabilities in pc techniques. The CVSS normal makes it potential to match potential or precise safety dangers primarily based on numerous metrics to create a precedence listing for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. For momentary impact, body circumstances that will change over time are thought-about within the take a look at. The magnitude of the vulnerability talked about right here is rated as “reasonable” in response to CVSS with a base rating of 5.3.
Red Hat OpenShift Bug: Vulnerability Allows Information Disclosure
Red Hat OpenShift is a “Platform as a Service” (PaaS) resolution for delivering functions within the cloud.
A distant, unknown attacker might exploit a vulnerability in Red Hat OpenShift to reveal info.
Vulnerabilities are recognized by a CVE (Common Vulnerabilities and Exposures) ID quantity. CVE-2024-21501 on the market.
Systems affected by the safety hole at a look
working system
Linux
Products
Fedora Linux (cpe:/o:fedoraproject:fedora)
Red Hat OpenShift Container Platform
General suggestions for addressing IT safety gaps
- Users of the affected apps ought to keep up-to-date. When safety holes are identified, producers are required to repair them shortly by growing a patch or workaround. When new safety updates can be found, set up them instantly.
- For info, see the sources listed within the subsequent part. This typically accommodates extra details about the most recent model of the software program in query and the provision of safety patches or efficiency suggestions.
- If you’ve any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to verify each time a producing firm makes a brand new safety replace accessible.
Sources for updates, patches and workarounds
Here one can find some hyperlinks with details about bug reviews, safety fixes and workarounds.
Fedora Security Advisory FEDORA-2024-B8E474FBD3 vom 2024-05-24 (26.05.2024)
For extra info, see:
Fedora Security Advisory FEDORA-2024-AF1F06C79C vom 2024-05-24 (26.05.2024)
For extra info, see:
Red Hat Bugzilla – Bug 2266111 (16.04.2024)
For extra info, see:
Red Hat Security Advisory vom 2024-04-16 (16.04.2024)
For extra info, see:
Version historical past of this safety alert
This is model 2 of this Red Hat OpenShift IT safety discover. This doc will probably be up to date as extra updates are introduced. You can see the adjustments made utilizing the model historical past under.
April 16, 2024 – First model
May 26, 2024 – New updates from Fedora added
+++ Editorial be aware: This doc is predicated on present BSI information and will probably be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here one can find scorching information, present movies and a direct line to the editorial group.
kns/roj/information.de