A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3924 advisory.

  - openshift: OCP & FIPS mode (CVE-2023-3089)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5009 advisory.

  - golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)

  - kube-apiserver: Bypassing policies imposed by the ImagePolicyWebhook  admission plugin (CVE-2023-2727)

  - kube-apiserver: Bypassing enforce mountable secrets policy imposed by the  ServiceAccount admission plugin     (CVE-2023-2728)

  - openshift: OCP & FIPS mode (CVE-2023-3089)

  - ovn: service monitor MAC flow is not rate limited (CVE-2023-3153)

  - golang.org/x/net/html: Cross site scripting (CVE-2023-3978)

  - scipy: use-after-free in Py_FindObjects() function (CVE-2023-29824)

  - goproxy: Denial of service (DoS) via unspecified vectors. (CVE-2023-37788)

  - golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)

  - golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)

  - golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)

  - golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)

  - golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)     (CVE-2023-39325)

  - HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)     (CVE-2023-44487)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3910 advisory.

  - golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

  - openshift: OCP & FIPS mode (CVE-2023-3089)

  - golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4093 advisory.

  - kube-apiserver: PrivEsc (CVE-2023-1260)

  - openshift: OCP & FIPS mode (CVE-2023-3089)

  - golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)

  - golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption     (CVE-2023-24536)

  - golang: go/parser: Infinite loop in parsing (CVE-2023-24537)

  - golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)

  - golang: html/template: improper sanitization of CSS values (CVE-2023-24539)

  - runc: volume mount race condition (regression of CVE-2019-19921) (CVE-2023-27561)

  - golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:4471 advisory.

  - openshift: OCP & FIPS mode (CVE-2023-3089)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3914 advisory.

  - golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString     (CVE-2022-23772)

  - golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)

  - golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)

  - golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)

  - golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

  - openshift: OCP & FIPS mode (CVE-2023-3089)

  - golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3910 advisory.

  - An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server     connections contain a cache of HTTP header keys sent by the client. While the total number of entries in     this cache is capped, an attacker sending very large keys can cause the server to allocate approximately     64 MiB per open connection. (CVE-2022-41717)

  - Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing     whitespace characters outside of the character set \t\n\f\r\u0020\u2028\u2029 in JavaScript contexts     that also contain actions may not be properly sanitized during execution. (CVE-2023-24540)

  - A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when     FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. (CVE-2023-3089)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3924 advisory.

  - A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when     FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. (CVE-2023-3089)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5009 advisory.

  - In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because     an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. (CVE-2022-27664)

  - A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE:
    the vendor and discoverer indicate that this is not a security issue. (CVE-2023-29824)

  - A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when     FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. (CVE-2023-3089)

  - A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This     issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and     properly configured. (CVE-2023-3153)

  - goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via     unspecified vectors. (CVE-2023-37788)

  - The html/template package does not properly handle HTML-like  comment tokens, nor hashbang #! comment     tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of     <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS     attack. (CVE-2023-39318)

  - The html/template package does not apply the proper rules for handling occurrences of <script, <!--,     and </script within JS literals in <script> contexts. This may cause the template parser to improperly     consider script contexts to be terminated early, causing actions to be improperly escaped. This could be     leveraged to perform an XSS attack. (CVE-2023-39319)

  - Processing an incomplete post-handshake message for a QUIC connection can cause a panic. (CVE-2023-39321)

  - QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake     messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now     consistently reject messages larger than 65KiB in size. (CVE-2023-39322)

  - A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive     server resource consumption. While the total number of requests is bounded by the     http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create     a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound     the number of simultaneously executing handler goroutines to the stream concurrency limit     (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client     has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows     too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2     for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per     HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the     Server.MaxConcurrentStreams setting and the ConfigureServer function. (CVE-2023-39325)

  - Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be     escaped to not be. This could lead to an XSS attack. (CVE-2023-3978)

  - golang: net/http, x/net/http2: rapid stream resets can cause excessive work () (CVE-2023-44487)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4093 advisory.

  - An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote,     authenticated attacker who has been given permissions update, patch the pods/ephemeralcontainers     subresource beyond what the default is. They would then need to create a new pod or patch one that they     already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of     a privileged pod. (CVE-2023-1260)

  - HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs,     potentially leading to a denial of service. Certain unusual patterns of input data can cause the common     function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold     the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large     amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service.
    With fix, header parsing now correctly allocates only the memory required to hold parsed headers.
    (CVE-2023-24534)

  - Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing     very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the     total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed,     leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased     pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3.
    ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage     collector. The combination of these factors can permit an attacker to cause an program that parses     multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service.
    This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http     package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix,     ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many     fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits     on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit     may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with     NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with     ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with     the environment variable GODEBUG=multipartmaxheaders=. (CVE-2023-24536)

  - Calling any of the Parse functions on Go source code which contains //line directives with very large line     numbers can cause an infinite loop due to integer overflow. (CVE-2023-24537)

  - Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them     as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template     action within a Javascript template literal, the contents of the action can be used to terminate the     literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather     complex, and themselves can do string interpolation, the decision was made to simply disallow Go template     actions from being used inside of them (e.g. var a = {{.}}), since there is no obviously safe way to     allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse     returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is     currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous     behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will     now be escaped. This should be used with caution. (CVE-2023-24538)

  - Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates     containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS     context and allowing for injection of unexpected HTML, if executed with untrusted input. (CVE-2023-24539)

  - runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to     libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with     custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a     CVE-2019-19921 regression. (CVE-2023-27561)

  - Templates containing actions in unquoted HTML attributes (e.g. attr={{.}}) executed with empty input can     result in output with unexpected results when parsed due to HTML normalization rules. This may allow     injection of arbitrary attributes into tags. (CVE-2023-29400)

  - A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when     FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. (CVE-2023-3089)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3914 advisory.

  - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to     Uncontrolled Memory Consumption. (CVE-2022-23772)

  - encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount     of PEM data. (CVE-2022-24675)

  - The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic     via long scalar input. (CVE-2022-28327)

  - Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3     allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket     ages during session resumption. (CVE-2022-30629)

  - An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server     connections contain a cache of HTTP header keys sent by the client. While the total number of entries in     this cache is capped, an attacker sending very large keys can cause the server to allocate approximately     64 MiB per open connection. (CVE-2022-41717)

  - Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing     whitespace characters outside of the character set \t\n\f\r\u0020\u2028\u2029 in JavaScript contexts     that also contain actions may not be properly sanitized during execution. (CVE-2023-24540)

  - A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when     FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. (CVE-2023-3089)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
194299	RHEL 8 / 9 : OpenShift Container Platform 4.12.23 (RHSA-2023:3924)	Nessus	Red Hat Local Security Checks	high
194294	RHEL 8 / 9 : OpenShift Container Platform 4.14.0 (RHSA-2023:5009)	Nessus	Red Hat Local Security Checks	critical
194291	RHEL 7 / 8 : Red Hat OpenShift Enterprise (RHSA-2023:3910)	Nessus	Red Hat Local Security Checks	critical
194257	RHEL 8 / 9 : OpenShift Container Platform 4.13.5 (RHSA-2023:4093)	Nessus	Red Hat Local Security Checks	critical
194238	RHEL 8 : Release of OpenShift Serverless Client kn 1.29.1 (Moderate) (RHSA-2023:4471)	Nessus	Red Hat Local Security Checks	high
193590	RHEL 8 : Red Hat OpenShift Enterprise (RHSA-2023:3914)	Nessus	Red Hat Local Security Checks	critical
189445	RHCOS 4 : Red Hat OpenShift Enterprise (RHSA-2023:3910)	Nessus	Red Hat Local Security Checks	critical
189434	RHCOS 4 : OpenShift Container Platform 4.12.23 (RHSA-2023:3924)	Nessus	Red Hat Local Security Checks	high
189423	RHCOS 4 : OpenShift Container Platform 4.14.0 (RHSA-2023:5009)	Nessus	Red Hat Local Security Checks	critical
189410	RHCOS 4 : OpenShift Container Platform 4.13.5 (RHSA-2023:4093)	Nessus	Red Hat Local Security Checks	critical
189407	RHCOS 4 : Red Hat OpenShift Enterprise (RHSA-2023:3914)	Nessus	Red Hat Local Security Checks	critical

Detections

Analytics

CVE-2023-3089

high

Tenable Plugins

high

critical

critical

critical

high

critical

critical

high

critical

critical

critical