As BSI now stories, an IT safety warning a few identified vulnerability in Red Hat OpenShift has obtained an replace. You can examine which merchandise are affected by safety holes right here at information.de.
Federal workplace for Security in Information Technology (BSI) reported a safety advisory for Red Hat OpenShift on May 22, 2024. The report lists a number of vulnerabilities that might be exploited by attackers. The safety vulnerability impacts the Linux working system and the Red Hat OpenShift product. This alert was final up to date on May 23, 2024.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability might be discovered right here: Red Hat Security Advisory RHSA-2024:2901 (From 23 May 2024). Some helpful sources are listed later on this article.
Multiple vulnerabilities have been reported for Red Hat OpenShift – Risk: High
Risk degree: 5 (excessive)
CVSS Base Score: 8.8
CVSS provisional rating: 7,7
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of laptop techniques. The CVSS normal makes it potential to check potential or precise safety dangers primarily based on varied metrics with the intention to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. Temporal scores additionally keep in mind adjustments over time within the danger scenario. According to CVSS, the chance of the vulnerability talked about right here is rated as “excessive” on the idea of 8.8 factors.
Red Hat OpenShift Bug: Description of the assault
Red Hat OpenShift is a “Platform as a Service” (PaaS) answer for delivering functions within the cloud.
An attacker could exploit a number of vulnerabilities in Red Hat OpenShift to tamper with recordsdata, trigger a denial of service, execute malicious code, expose delicate data, escalate privileges, or carry out different unspecified assaults.
Vulnerabilities are numbered for every product utilizing the CVE (Common Vulnerabilities and Exposures) reference system. CVE-2020-26555, CVE-2021-25220, CVE-2021-29390, CVE-2021-43618, CVE-2022-0480, CVE-2022-2795, CVE-2022-32092-3094, CVE-3092-3092, CVE-2022-2795 2022-40090, CVE-2022-45934, CVE-2022-48554, CVE-2022-48624, CVE-2023-24023, CVE-2023-25193, CVE-2023-2572-202, CVE-3VE -202, CVE-2023-2023-2572-202. 26364, CVE-2023-28322, CVE-2023-28464, CVE-2023-28866, CVE-2023-2975, CVE-2023-31083, CVE-2023-31122, CVE-3562, CVE-2062, CVE-2062-2073, CVE-2023-31083 CVE-2023-3618, CVE-2023-37453, CVE-2023-3817, CVE-2023-38469, CVE-2023-38470, CVE-2023-38471, CVE-2023 -3382472, CVE-38472, CVE-38472, CVE-2023-38470 2023-38546, CVE-2023-39189, CVE-2023-39193, CVE-2023-39194, CVE-2023-39198, CVE-2023-39326, CVE-2023-4072-2075, CVE-39194, CVE-2023-39326, CVE-2023-4072-2075 4133. CVE-2023-45286, CVE-2023-45287, CVE-2023-45288, CVE-2023-45289 , CVE-2023-45290, CVE-2023-45857, CVE-2023-358-202, CVE-862023 2023-46862, CVE-2023-47038, CVE-2023-48631, CVE-2023-50387, CVE-2023- 50868, CVE-2023-51043, CVE-2023-5172-702, CVE-3VE-2082, CVE-2023-512-702 52425, CVE-2023-52434, CVE-2023-52448, CVE-2023-52476, CVE -2023-52489, CVE-2023-52522, CVE-2023-52529, CVE-52476, CVE-52476, CVE-2023-52489 CVE-2023-52580, CVE-2023-52581, CVE-2023-52597, CVE- 2023-52610, CVE-2023-52620, CVE-2023-5678, CVE-2023-60201, CVE-60402, CVE-61202,3 2023-6129, CVE-2023-6176, CVE-2023-6228, CVE-2023 -6237, CVE-2023-6240, CVE-2023-6531, CVE-2023-6546, CVE-2023-623VE 6915, CVE-2023-6931, CVE-2023-6932, CVE-2023-7008, CVE-2024- 0565, CVE-2024-0727, CVE-2024-0841, CVE-2024-1085, CVE-1085, 4 CVE-2024-1394, CVE-2024-1488, CVE-2024-21011, CVE-2024-21012, CVE -2024-21068, CVE-2024-21085, CVE-2024-2122-965, CVE-210365, CVE-210365 2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24786, CVE- 2024-25062, CVE-2024-25742, CVE-2024-2572-402, CVE-2574022, CVE-2024-2082 26583, CVE-2024-26584, CVE-2024-26585, CVE-2024-26586, CVE-2024 -26593, CVE-2024-26602, CVE-2024-26609, CVE-2024-26586, CVE-2024-26593, CVE-2024-26602, CVE-2024-26609, CVE-2024-2034-2034 CVE-2024-26609 28834, CVE-2024-28835, CVE-2024-28849, CVE-2024-29180, CVE-2024-2961, CVE-2024-33599, CVE-2024-3362-602, CVE-36002 2024-33602.
Systems affected by the safety hole at a look
working system
Linux
Products
Red Hat OpenShift (cpe:/a:redhat:openshift)
Red Hat Migration Toolkit for OpenShift Applications OpenShift Custom Metric Autoscaler 2 (cpe:/a:redhat:openshift)
General steps for coping with IT vulnerabilities
- Users of the affected apps ought to keep up-to-date. When safety holes are identified, producers are required to repair them rapidly by creating a patch or workaround. If safety patches can be found, set up them instantly.
- For data, see the sources listed within the subsequent part. This usually incorporates extra details about the most recent model of the software program in query and the supply of safety patches or efficiency ideas.
- If you might have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to test each time a producing firm makes a brand new safety replace out there.
Sources for updates, patches and workarounds
Here you’ll discover some hyperlinks with details about bug stories, safety fixes and workarounds.
Red Hat Security Advisory RHSA-2024:2901 vom 2024-05-23 (23.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2874 vom 2024-05-22 (22.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2933 vom 2024-05-22 (22.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2932 vom 2024-05-22 (22.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2930 vom 2024-05-22 (22.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2929 vom 2024-05-22 (22.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2874 vom 2024-05-22 (22.05.2024)
For extra data, see:
Version historical past of this safety alert
This is model 2 of this Red Hat OpenShift IT safety discover. This doc will likely be up to date as extra updates are introduced. You can see the adjustments made utilizing the model historical past beneath.
May 22, 2024 – First model
05/23/2024 – New updates from Red Hat have been added
+++ Editorial notice: This doc is predicated on present BSI information and will likely be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
comply with News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you’ll discover scorching information, present movies and a direct line to the editorial group.
kns/roj/information.de