Michal Findra

Name of the Vulnerable Software and Affected Versions: Red Hat OpenStack Platform (RHOSP) director versions 16.1 through 17.1 Description: A flaw was found in the Red Hat OpenStack Platform (RHOSP) director, allowing an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors. This could enable a man-in-the-middle (MITM) attack. Recommendations: For versions 16.1 through 17.1, consider disabling the feature that allows disabling TLS certificate verification for registry mirrors until a patch is available. Restrict access to the registry mirrors to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Undertow (affected versions not specified) Description: A vulnerability was found in Undertow where the `ProxyProtocolReadListener` reuses the same `StringBuilder` instance across multiple requests. This issue occurs when the `parseProxyProtocolV1` method processes multiple requests on the same HTTP connection. As a result, different requests may share the same `StringBuilder` instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QEMU NBD Server (affected versions not specified) **Description** A flaw was found in the QEMU NBD Server, allowing a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline. This issue is related to synchronization errors and can be exploited by a remote attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: openshift/builder (affected versions not specified) Description: A flaw was found in openshift/builder, allowing command injection via path traversal. This enables a malicious user to execute arbitrary commands on the OpenShift node running the builder container. When using the "Docker" strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenShift console (affected versions not specified) **Description** A flaw was found in the OpenShift console, where several endpoints use the `authHandler()` and `authHandlerWithUser()` middleware functions. When the default authentication provider is set to "openShiftAuth", these functions do not perform authentication checks, relying on the targeted service for authentication and authorization. This leads to data exposure due to a lack of proper credential verification. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Openshift console (affected versions not specified) **Description** A flaw was found in the Openshift console, specifically in the `/API/helm/verify` endpoint, which is responsible for fetching and verifying the installation of a Helm chart from a remote HTTP/HTTPS or local URI. The `authHandlerWithUser()` middleware function is supposed to gate access to this endpoint, but it does not verify the validity of the user's credentials, allowing unauthenticated users to access the endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.