ALT-PU-2024-14334-4 — cert-manager

BDU:2024-01020

MEDIUM6.9

Уязвимость функции ImageBuild() программного средства для создания систем контейнерной изоляции Moby, позволяющая нарушителю реализовать атаку отравления кэша

Опубликовано: 2024-02-06Изменено: 2026-03-04

CVSS 3.xСРЕДНЯЯ 6.9

CVSS:3.x/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L

CVSS 2.0СРЕДНЯЯ 5.2

CVSS:2.0/AV:L/AC:H/Au:N/C:P/I:C/A:P

Ссылки

CVE-2024-24557

BDU:2024-04789

MEDIUM5.5

Уязвимость компонентов DefaultAzureCredential и ManagedIdentityCredential библиотек аутентификации Azure Identity Libraries и Microsoft Authentication Library, позволяющая нарушителю повысить свои привилегии

Опубликовано: 2024-06-26

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS 2.0СРЕДНЯЯ 4.6

CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:N/A:N

Ссылки

CVE-2024-35255

BDU:2024-05760

CRITICAL9.9

Уязвимость плагинов авторизации (AuthZ) программного обеспечения автоматизации развёртывания и управления приложениями в средах с поддержкой контейнеризации Docker Engine, позволяющая нарушителю повысить свои привилегии

Опубликовано: 2024-07-25Изменено: 2026-03-04

CVSS 3.xКРИТИЧЕСКАЯ 9.9

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS 2.0КРИТИЧЕСКАЯ 9.0

CVSS:2.0/AV:N/AC:L/Au:S/C:C/I:C/A:C

Ссылки

CVE-2024-41110

BDU:2024-06681

MEDIUM5.5

Уязвимость пакета retryablehttp, связанная с вставкой конфиденциальной информации в файл журнала, позволяющая нарушителю получить конфиденциальные учетные данные базовой аутентификации HTTP

Опубликовано: 2024-09-04

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS 2.0СРЕДНЯЯ 4.6

CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:N/A:N

Ссылки

CVE-2024-6104

CVE-2024-24557

HIGH7.8

Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases.

Опубликовано: 2024-02-01Изменено: 2024-11-21

CVSS 3.xВЫСОКАЯ 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2024-35255

MEDIUM5.5

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

Опубликовано: 2024-06-11Изменено: 2024-11-21

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Ссылки

CVE-2024-41110

CRITICAL9.9

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it. A security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted. Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable. docker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.

Опубликовано: 2024-07-24Изменено: 2026-04-15

CVSS 3.xКРИТИЧЕСКАЯ 9.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Ссылки

CVE-2024-6104

MEDIUM5.5

go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.

Опубликовано: 2024-06-24Изменено: 2024-11-21

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Ссылки

GHSA-m5vv-6r4h-3vj9

MEDIUM6.8

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

Опубликовано: 2024-06-11Изменено: 2025-07-22

CVSS 3.xСРЕДНЯЯ 6.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS 4.0СРЕДНЯЯ 6.8

CVSS:4.0/CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Ссылки

GHSA-rvj4-q8q5-8grf

MEDIUM6.8

ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability

Опубликовано: 2024-06-20

CVSS 3.xСРЕДНЯЯ 6.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS 4.0СРЕДНЯЯ 6.8

CVSS:4.0/CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Ссылки

GHSA-v23v-6jw2-98fq

CRITICAL9.4

Authz zero length regression

Опубликовано: 2024-07-30Изменено: 2024-08-09

CVSS 3.xКРИТИЧЕСКАЯ 9.4

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS 4.0КРИТИЧЕСКАЯ 9.4

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Ссылки

GHSA-v6v8-xj6m-xwqh

MEDIUM6.0

go-retryablehttp can leak basic auth credentials to log files

Опубликовано: 2024-06-24Изменено: 2024-06-26

CVSS 3.xСРЕДНЯЯ 6.0

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Ссылки

GHSA-xw73-rw38-6vjc

MEDIUM6.9

Classic builder cache poisoning

Опубликовано: 2024-02-01Изменено: 2024-07-05

CVSS 3.x

CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L

Ссылки

Обновление пакета cert-manager в ветке c10f2

Закрытые проблемы (13)

Уязвимость функции ImageBuild() программного средства для создания систем контейнерной изоляции Moby, позволяющая нарушителю реализовать атаку отравления кэша

Уязвимость компонентов DefaultAzureCredential и ManagedIdentityCredential библиотек аутентификации Azure Identity Libraries и Microsoft Authentication Library, позволяющая нарушителю повысить свои привилегии

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability

Authz zero length regression

go-retryablehttp can leak basic auth credentials to log files

Classic builder cache poisoning