CVE-2020-16197: Certificates and accounts associated with tenanted deployment targets are not validated · Issue #6529 · OctopusDeploy/Issues

An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain certificate metadata by associating a certificate with certain resources that should fail scope validation.

CVE-2020-16197

Description

A credential scoped to one tenant could be used to affect another tenant in certain circumstances.

Effectively, the logic was previously "A credential may be used to access this target if it is applicable to any tenant on this target", and has been changed to "A credential may be used to access this target only if it is applicable to ALL tenants on this target."

For example, given a certificate scoped to Tenant A and a deployment target scoped to Tenant A and Tenant B, the certificate would have previously been permitted to be used by the deployment. To give a more concrete example: with a Kubernetes cluster containing two tenants’ application instances, changes made to the cluster can conceivably affect both tenants, so the certificate used to authenticate to the cluster now needs to be scoped to both tenants in order for its use to be permitted.

Affected versions

Octopus Server: 3.4 (since tenants were introduced).

Mitigation / Fix

  1. If an account/certificate is marked as "Exclude from tenanted deployments", change it to "Include in both tenanted and untenanted deployments".
  2. Add any missing tenants to the account/certificate.

In some edge cases, it is possible that an account or certificate has been inadvertently reused across tenants where it genuinely should not have been shared.

In this case, we recommend that you:

  • Provision a new account/certificate for each tenant whose infrastructure is completely segregated from the others.
  • Scope the new account/certificate to just that tenant.

In the second scenario, it is feasible as a short-term workaround to follow the same steps as in the first scenario (i.e. scope the credential to all the tenants to mimic previous behavior) until the additional accounts/certificates have been provisioned.
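The rule change described under Description and the re-scoping steps under Mitigation / Fix, as an added model in Python. This is not Octopus Deploy code: the names Credential, DeploymentTarget, credential_allowed_vulnerable, credential_allowed_fixed and find_affected_pairs are assumed for illustration, and the sample certificate and target are constructed.

```python
# Minimal model of the tenant-scope validation for CVE-2020-16197 (added example).
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Tuple


@dataclass(frozen=True)
class Credential:
    name: str
    include_tenanted: bool   # True == "Include in both tenanted and untenanted deployments"
    tenants: FrozenSet[str]  # tenants the account/certificate is scoped to


@dataclass(frozen=True)
class DeploymentTarget:
    name: str
    tenants: FrozenSet[str]  # tenants whose application instances this target hosts


def credential_allowed_vulnerable(cred: Credential, target: DeploymentTarget) -> bool:
    """Pre-fix rule: usable if the credential applies to ANY tenant on the target."""
    if not target.tenants:
        return True  # assumption: untenanted targets are outside the tenant-scope rule
    # assumption: "Exclude from tenanted deployments" is never usable on a tenanted target
    return cred.include_tenanted and any(t in cred.tenants for t in target.tenants)


def credential_allowed_fixed(cred: Credential, target: DeploymentTarget) -> bool:
    """Post-fix rule: usable only if the credential applies to ALL tenants on the target."""
    if not target.tenants:
        return True
    return cred.include_tenanted and target.tenants <= cred.tenants


def find_affected_pairs(creds: Iterable[Credential],
                        targets: Iterable[DeploymentTarget]) -> List[Tuple[str, str, List[str]]]:
    """Pairs the old rule permitted but the new rule denies, with the tenants that
    would have to be added (mitigation step 2) for the pair to keep working."""
    return [(c.name, t.name, sorted(t.tenants - c.tenants))
            for c in creds for t in targets
            if credential_allowed_vulnerable(c, t) and not credential_allowed_fixed(c, t)]


# Constructed sample: a cluster certificate scoped to Tenant A only, used on a
# Kubernetes target hosting application instances for both Tenant A and Tenant B.
CERT_A = Credential("k8s-cluster-cert", True, frozenset({"Tenant A"}))
CERT_AB = Credential("k8s-cluster-cert-rescoped", True, frozenset({"Tenant A", "Tenant B"}))
SHARED_K8S = DeploymentTarget("shared-k8s", frozenset({"Tenant A", "Tenant B"}))

if __name__ == "__main__":
    for cred, tgt, missing in find_affected_pairs([CERT_A, CERT_AB], [SHARED_K8S]):
        print(f"{cred} on {tgt}: previously permitted, now denied; missing tenants: {missing}")
```

Running find_affected_pairs over an exported list of accounts, certificates and targets gives the set of credentials that must be re-scoped (or, where the tenants are genuinely segregated, replaced) before upgrading.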

Links

  • Original issue (internal): https://trello.com/c/vi2iLTzq/3521-security-bug-in-tenant-scoping-validation
  • Collective issue (internal): https://trello.com/c/LXuCeOaG/3610-releasing-2020122-2020218-202033-and-latest-of-master-that-has-the-security-fix-tenant-scoping
