SB2021112915 - Multiple vulnerabilities in OpenShift Container Platform 4.9 




Published: November 29, 2021

Security Bulletin ID: SB2021112915
Severity: High
Patch available: YES
Number of vulnerabilities: 14
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 64%, Medium 36%

Description

This security bulletin contains information about 14 security vulnerabilities.


1) Protection Mechanism Failure (CVE-ID: CVE-2021-21690)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists because agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. An attacker can bypass implemented security restrictions and elevate privileges on the system.


2) Missing Authorization (CVE-ID: CVE-2021-21692)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists because the operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path. A remote attacker can compromise the target system.


3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-21694)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists because the application does not properly impose security restrictions within FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace, which leads to security restrictions bypass and privilege escalation.


4) Path traversal (CVE-ID: CVE-2021-21686)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists because file path filters do not canonicalize paths. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.


5) Missing Authorization (CVE-ID: CVE-2021-21688)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists because FilePath#reading(FileVisitor) does not reject any operations. A remote attacker can gain unrestricted read access using certain operations.


6) Missing Authorization (CVE-ID: CVE-2021-21689)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists because FilePath#unzip and FilePath#untar are not subject to any access control. A remote attacker can read and write arbitrary files on the system.


7) Missing Authorization (CVE-ID: CVE-2021-21691)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists because creating symbolic links is possible without the symlink permission. A remote attacker can compromise the target system.


8) Missing Authorization (CVE-ID: CVE-2021-21695)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists because FilePath#listFiles lists files outside directories with agent read access when following symbolic links. A remote attacker can compromise the target system.
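
The filter weaknesses described in items 4 and 8 (no canonicalization, symbolic links followed out of the permitted directory) can be illustrated with a path check written both ways. This is an added example, not Jenkins or OpenShift code; the class, method names and temporary directory layout are hypothetical, and it assumes Java 11+ on a system where unprivileged symlink creation is allowed.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;

// Hypothetical demo class: contrasts a string-prefix path filter with a canonicalizing one.
public class PathFilterDemo {
    // Weak filter: compares the path as supplied, so ".." segments and symlinks pass.
    static boolean allowedNaive(Path root, String requested) {
        return root.resolve(requested).toString().startsWith(root.toString());
    }

    // Hardened filter: collapse "..", resolve symlinks, then compare component-wise.
    static boolean allowedCanonical(Path root, String requested) {
        try {
            Path realRoot = root.toRealPath();
            Path candidate = realRoot.resolve(requested).normalize();
            // Resolve symlinks on the deepest existing ancestor so that paths
            // for files not yet created are still checked before creation.
            Path existing = candidate;
            while (existing != null && !Files.exists(existing, LinkOption.NOFOLLOW_LINKS)) {
                existing = existing.getParent();
            }
            if (existing == null) return false;
            Path real = existing.toRealPath().resolve(existing.relativize(candidate));
            return real.startsWith(realRoot); // Path.startsWith matches whole components
        } catch (IOException e) {
            return false; // fail closed, e.g. on a dangling symlink
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: an allowed directory, a sibling directory
        // outside it, and a symlink inside the allowed directory pointing out.
        Path base = Files.createTempDirectory("filter-demo");
        Path root = Files.createDirectories(base.resolve("allowed"));
        Path outside = Files.createDirectories(base.resolve("outside"));
        Files.writeString(outside.resolve("data.txt"), "constructed sample");
        Files.createSymbolicLink(root.resolve("link"), outside);

        String[] requests = {"build.log", "../outside/data.txt", "link/data.txt"};
        for (String req : requests) {
            System.out.printf("%-22s naive=%b canonical=%b%n",
                    req, allowedNaive(root, req), allowedCanonical(root, req));
        }
    }
}
```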


9) Missing Authorization (CVE-ID: CVE-2021-21697)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists because the affected application allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions. A remote attacker can compromise the target system.


10) Missing Authorization (CVE-ID: CVE-2021-21685)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists because the affected application does not check agent-to-controller access to create parent directories in FilePath#mkdirs. A remote attacker can read and write arbitrary files on the Jenkins controller file system.


11) Improper Authorization (CVE-ID: CVE-2021-21693)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists because permission to create files is only checked after they’ve been created. A remote attacker can compromise the target system.


12) Protection Mechanism Failure (CVE-ID: CVE-2021-21696)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists because the affected application does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs. A remote authenticated attacker can replace the code of a trusted library with a modified variant and execute arbitrary code on the system.


13) Path traversal (CVE-ID: CVE-2021-21698)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences. A remote authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system.


14) Missing Authorization (CVE-ID: CVE-2021-21687)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists because the affected application does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar. A remote attacker can compromise the target system.


Remediation

Install the update from the vendor's website.