Risk
High
Patch available
YES
Number of vulnerabilities
27
CVE-ID
CVE-2023-1667, CVE-2023-29491, CVE-2023-29469, CVE-2023-28484, CVE-2023-28321, CVE-2023-27536, CVE-2023-4911, CVE-2023-4813, CVE-2023-4806, CVE-2023-4527, CVE-2023-2603, CVE-2023-2602, CVE-2023-2283, CVE-2022-36227, CVE-2023-24532, CVE-2020-24736, CVE-2023-44487, CVE-2023-39325, CVE-2023-39322, CVE-2023-39321, CVE-2023-39319, CVE-2023-39318, CVE-2023-29409, CVE-2023-29406, CVE-2023-29400, CVE-2023-24540, CVE-2023-24539
CWE-ID
CWE-20, CWE-119, CWE-399, CWE-476, CWE-295, CWE-371, CWE-416, CWE-125, CWE-98, CWE-401, CWE-287, CWE-682, CWE-400, CWE-79, CWE-644, CWE-94
Exploitation vector
Network
Public exploit
Vulnerability #7 is being exploited in the wild.
Vulnerability #17 is being exploited in the wild.
Vulnerable software
Run Once Duration Override Operator for Red Hat OpenShift
Server applications / Other server solutions
Vendor
Red Hat Inc.
Security Bulletin
This security bulletin contains information about 27 vulnerabilities.
EUVDB-ID: #VU75741
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2023-1667
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to multiple errors in the key exchange (kex) implementation, related to the kex guessing algorithm. A remote attacker can bypass implemented security restrictions.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Run Once Duration Override Operator for Red Hat OpenShift: 1.0.0
CPE2.3
External links