Latest vulnerabilities of Sunday, September 24, 2023

Latest vulnerabilities of Sunday, September 24, 2023
https://www.securitricks.com/content/images/size/w600/format/webp/2023/12/VULNERABILITIES-REPORTS-LOGO.png
{{titre}}

Last update performed on 09/24/2023 at 11:58:01 PM

(0) CRITICAL VULNERABILITIES [9.0, 10.0]

(2) HIGH VULNERABILITIES [7.0, 8.9]

Source : redhat.com

Vulnerability ID : CVE-2023-1260

First published on : 24-09-2023 01:15:42
Last modified on : 24-09-2023 01:15:42

Description :
An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod.

CVE ID : CVE-2023-1260
Source : secalert@redhat.com
CVSS Score : 8.0

References :
https://access.redhat.com/errata/RHSA-2023:3976 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:4093 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:4312 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:4898 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-1260 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2176267 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-1625

First published on : 24-09-2023 01:15:43
Last modified on : 24-09-2023 01:15:43

Description :
An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system.

CVE ID : CVE-2023-1625
Source : secalert@redhat.com
CVSS Score : 7.4

References :
https://access.redhat.com/security/cve/CVE-2023-1625 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2181621 | source : secalert@redhat.com
https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb | source : secalert@redhat.com
https://launchpad.net/bugs/1999665 | source : secalert@redhat.com


(2) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : redhat.com

Vulnerability ID : CVE-2023-1633

First published on : 24-09-2023 01:15:43
Last modified on : 24-09-2023 01:15:43

Description :
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.

CVE ID : CVE-2023-1633
Source : secalert@redhat.com
CVSS Score : 6.6

References :
https://access.redhat.com/security/cve/CVE-2023-1633 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2181761 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-1636

First published on : 24-09-2023 01:15:43
Last modified on : 24-09-2023 01:15:43

Description :
A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.

CVE ID : CVE-2023-1636
Source : secalert@redhat.com
CVSS Score : 6.0

References :
https://access.redhat.com/security/cve/CVE-2023-1636 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2181765 | source : secalert@redhat.com


(0) LOW VULNERABILITIES [0.1, 3.9]

(0) NO SCORE VULNERABILITIES [0.0, 0.0]

This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports

Securitricks

Great! Youโ€™ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Securitricks.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.