Robb Gatica

**Name of the Vulnerable Software and Affected Versions** OpenShift Dedicated (affected versions not specified) **Description** A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the `hive/hive-controllers` pod. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenShift Dedicated versions prior to v0.0.0-20240604173837-d1557bc283dd **Description** A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. This issue allows a non-privileged user on the cluster to create a MustGather object with a specially crafted file and set the most privileged service account to run the job, potentially escalating their privileges to a cluster administrator and pivoting to the AWS environment. **Recommendations** For OpenShift Dedicated versions prior to v0.0.0-20240604173837-d1557bc283dd, update to version v0.0.0-20240604173837-d1557bc283dd or later to resolve the issue. As a temporary workaround, consider restricting access to the MustGather CRD to prevent non-privileged users from creating specially crafted files.

**Name of the Vulnerable Software and Affected Versions** Keycloak SAML adapters (affected versions not specified) **Description** A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the `turnOffChangeSessionIdOnLogin` option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pulp (affected versions not specified) **Description** A flaw was found in the Pulp package related to role-based access control (RBAC) objects. When an RBAC object is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin`, typically the `add roles for object creator` method. This method finds the object creator by checking the current authenticated user. For objects created within a task, the current user is set by the first user with any permissions on the task object. This results in the oldest user with model/domain-level task permissions being set as the current user of a task, even if they didn't dispatch the task. Consequently, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Libtiff (affected versions not specified) **Description** A null pointer dereference flaw was found in Libtiff via `tif dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skupper (affected versions not specified) **Description** A flaw was found in Skupper that may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie. This issue arises when Skupper is initialized with the console-enabled and with console-auth set to Openshift, configuring the openshift oauth-proxy with a static cookie-secret. The vulnerability is related to the use of default credentials in certain circumstances. **Recommendations** As a temporary workaround, consider disabling the console-auth set to Openshift until a patch is available. Restrict access to the Skupper console to minimize the risk of exploitation. Avoid using the static cookie-secret in the openshift oauth-proxy configuration until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Katello plugin for Foreman (affected versions not specified) **Description** A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the `Description` field of a user. This code can be executed when opening certain pages, for example, Host Collections. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenShift Telemeter (affected versions not specified) **Description** The issue is related to a flaw in OpenShift's Telemeter that allows an attacker to bypass authentication using a forged token. This can be done by exploiting the "iss" check during JSON web token (JWT) authentication. If certain conditions are met, a remote attacker can use this flaw to gain unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Booth (affected versions not specified) Description: A flaw was found in Booth, a cluster ticket manager, related to insufficient authentication of data. The issue is associated with the `gcry md get algo dlen()` function. If a specially-crafted hash is passed to this function, it may allow an invalid HMAC to be accepted by the Booth server. This could potentially be exploited by a remote attacker. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: gnome-remote-desktop (affected versions not specified) Description: A flaw was found in the gnome-remote-desktop package, where the gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. This allows a malicious user on the system to take control of the RDP client connection during the login screen-to-user session transition, potentially exposing the system RDP TLS certificate and key to unauthorized users. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenStack Platform (RHOSP) director (affected versions not specified) **Description** A flaw in the OpenStack Platform director allows plaintext passwords to be stored in log files. This can expose sensitive information to anyone with access to the logs. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 389-ds-base (affected versions not specified) **Description** A flaw in the 389-ds-base directory server is related to insufficient input validation. This issue can be exploited by a remote attacker using a specially-crafted LDAP query, potentially causing a denial of service on the directory server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** rust-openssl (affected versions not specified) **Description** A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The issue affects the legacy PKCS#1v1.5 RSA encryption padding mode. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** csmock (affected versions not specified) **Description** A vulnerability was found in csmock where a regular user of the OSH service, with a valid Kerberos ticket, can disclose the confidential Snyk authentication token and run arbitrary commands on OSH workers. The issue can be exploited through a local network attack vector. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Podman (affected versions not specified) Description: A flaw in Podman may allow an attacker to create a specially crafted container that can exhaust resources in /dev/shm by creating a large number of IPC resources. This can lead to a memory-based denial of service of the system, especially when a container is configured to restart always, such as with `podman run --restart=always`. The issue arises because the IPC resources created by the malicious container are not removed even after the container is out-of-memory (OOM) killed, as they are tied to an IPC namespace that remains open until all using containers are stopped. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** osbuild-composer (affected versions not specified) **Description** A flaw in osbuild-composer can trigger a condition that disables GPG verification for package repositories. This can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built. The issue is related to incorrect cryptographic signature verification. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libgcrypt (affected versions not specified) **Description** A timing-based side-channel flaw was found in libgcrypt's RSA implementation, which may allow a remote attacker to initiate a Bleichenbacher-style attack. This can lead to the decryption of RSA ciphertexts. The issue is related to insufficient protection of service data due to timing discrepancies, potentially enabling a remote attacker to perform a Bleichenbacher or Marvin attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Quarkus (affected versions not specified) Description: The issue is related to a flaw in the RESTEasy Reactive implementation, where security checks for some JAX-RS endpoints are performed after serialization, leading to increased resource consumption. An attacker with knowledge of specific request paths can potentially identify vulnerable endpoints and trigger excessive resource usage, resulting in a denial of service. The estimated number of potentially affected devices and details about real-world incidents are not provided. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreeIPA (affected versions not specified) **Description** The issue is related to insufficient input validation in the ipautil.py script's run() function on the FreeIPA server, specifically with the `user` parameter (/sip/session/login password). This may allow a remote attacker to craft HTTP requests that can be interpreted as command arguments to kinit on the FreeIPA server, potentially leading to unauthorized access to protected information or a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Undertow (affected versions not specified) **Description** A path traversal vulnerability was found in Undertow, which may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP. This could permit access to privileged or restricted files and directories. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.