Sage Mctaggart

**Name of the Vulnerable Software and Affected Versions** JSS (affected versions not specified) **Description** A flaw was found in JSS, which is a memory leak that requires non-standard configuration. This issue can be exploited as a low-effort Denial of Service (DoS) vector if configured in a specific way, such as repeatedly hitting the login page. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenStack (affected versions not specified) **Description** A flaw was found in OpenStack, where multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cri-o versions prior to 1.26.0 **Description** A vulnerability was found in cri-o, allowing the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. This issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For cri-o versions prior to 1.26.0, update to version 1.26.0 or later to resolve the issue. As a temporary workaround, consider using additional security controls like SELinux to prevent any damage a container is able to do with root on the host.

**Name of the Vulnerable Software and Affected Versions** Openshift version 4.9 **Description** The issue is related to the lack of HTTP Strict Transport Security (HSTS) in Openshift, which may allow man-in-the-middle (MITM) attacks. HSTS is a security feature that helps prevent MITM attacks by ensuring that communications between a client and a server are encrypted. Without HSTS, an attacker could potentially intercept and modify traffic. **Recommendations** For Openshift version 4.9, consider implementing HTTP Strict Transport Security (HSTS) to prevent man-in-the-middle attacks. As a temporary workaround, restrict access to sensitive resources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned. **Description** The issue is related to the absence of the X-FRAME-OPTIONS header in response headers, which helps prevent Clickjacking attacks. Without this header, some browsers may interpret the results incorrectly, allowing clickjacking attacks to occur. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Openshift (affected versions not specified) **Description** A flaw in Openshift allows an attacker to exploit the DNS search policy, affecting confidentiality and availability. This occurs when a pod has a DNSPolicy of "ClusterFirst" and may incorrectly resolve the hostname based on a service provided, enabling the attacker to supply an incorrect name. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Buildah (affected versions not specified) **Description** A flaw was found in Buildah, where incorrect absolute path traversal may disclose the local path and the lowest subdirectory, resulting in an impact to confidentiality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** buildah (affected versions not specified) **Description** A vulnerability was found in buildah, where incorrect following of symlinks while reading .containerignore and .dockerignore files results in information disclosure. This issue affects buildah as part of Podman. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Keystone (affected versions not specified) **Description** A flaw was found in Keystone, where there is a time lag of up to one hour in the default configuration between when the security policy says a token should be revoked and when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected. The issue is related to the revocation of token access, potentially allowing an authenticated remote attacker to obtain access despite efforts to remove it. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ceph (affected versions not specified) **Description** A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.16-rc6 **Description** The issue is related to the ef100 update stats function in the drivers/net/ethernet/sfc/ef100 nic.c module of the Linux kernel, which lacks a check of the return value of `kmalloc()`. This can lead to a pointer dereference error. Exploitation of this issue may allow an attacker to cause a denial of service or elevate their privileges. **Recommendations** For Linux kernel versions prior to 5.16-rc6, consider disabling the `ef100 update stats` function as a temporary workaround until a patch is available. Restrict access to the vulnerable module `ef100 nic.c` to minimize the risk of exploitation. Avoid using the `kmalloc()` function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Red Hat Ceph Storage (affected versions not specified) **Description** A key length flaw was found in the encryption algorithm of Red Hat Ceph Storage. This flaw allows an attacker to create a non-random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks. The vulnerability is related to the incorrect passing of the key length in the encryption algorithm. An attacker can exploit this flaw to gain access to confidential data and compromise their integrity. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ceph versions prior to 16.y.z Description: A flaw was found in ceph where it stores mgr module passwords in clear text. This issue can be identified by searching the mgr logs for `grafana` and `dashboard`, with passwords visible. The highest threat from this issue is to confidentiality. Recommendations: For versions prior to 16.y.z, consider restricting access to the mgr logs to minimize the risk of password exposure until a patch is available. As a temporary workaround, avoid using the `mgr` module for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Ceph-ansible versions 4.0.34.1 through 4.0.41 **Description** A flaw in Ceph-ansible allows any user on the system to read sensitive information within the /etc/ceph/iscsi-gateway.conf file due to insecure default permissions. The highest threat from this issue is to confidentiality. **Recommendations** For versions 4.0.34.1 through 4.0.41, consider changing the permissions of the /etc/ceph/iscsi-gateway.conf file to restrict access to sensitive information until a patch is available. As a temporary workaround, restrict access to the `iscsi-gateway.conf` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ceph versions prior to 15.2.6 Ceph versions prior to 14.2.14 **Description** A flaw was found in the Cephx authentication protocol, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. The highest threat from this vulnerability is to confidentiality, integrity, and system availability. **Recommendations** For versions prior to 15.2.6, update to version 15.2.6 or later. For versions prior to 14.2.14, update to version 14.2.14 or later. As a temporary workaround, consider restricting access to the Ceph cluster network to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Red Hat Ceph Storage RadosGW (Ceph Object Gateway) versions prior to 14.2.21 **Description** A flaw was found in the Red Hat Ceph Storage RadosGW related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. This issue is also related to insufficient input validation, which may allow a remote attacker to impact data integrity. **Recommendations** For versions prior to 14.2.21, update to version 14.2.21 or later to resolve the issue. As a temporary workaround, consider restricting access to the CORS configuration file to minimize the risk of exploitation. Avoid using the newline character in the ExposeHeader tag until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ceph versions prior to 14.2.20 **Description** The issue is related to a flaw in the authentication procedure of the ceph storage network, which can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. The vulnerability allows key reuse when the monitor handles `CEPHX GET AUTH SESSION KEY` requests, enabling an attacker to request a `global id` previously associated with another user. This poses a significant threat to data confidentiality, integrity, and system availability. **Recommendations** For versions prior to 14.2.20, update to version 14.2.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the `CEPHX GET AUTH SESSION KEY` request handler to minimize the risk of exploitation. Additionally, avoid reusing `global id` values associated with other users until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Red Hat Ceph Storage RGW versions prior to 14.2.21 **Description** The issue is related to incorrect handling of a URL that ends with two slashes, which can cause the system to crash, resulting in a denial of service. This can be exploited by a remote attacker, posing the greatest threat to system availability. **Recommendations** For versions prior to 14.2.21, update to version 14.2.21 or later to resolve the issue. As a temporary workaround, consider restricting access to swift URLs that end with two slashes to minimize the risk of exploitation.