VDB
CVE-2021-4235
CVE-2021-4235
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Es existiert eine Schwachstelle in Red Hat OpenShift. Der Fehler besteht aufgrund eines unbegrenzten Alias-Chasing, bei dem eine in böser Absicht erstellte YAML-Datei dazu führen kann, dass das System erhebliche Systemressourcen in der go-yaml-Komponente verbraucht. Ein entfernterm anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
EPSS 0.04% · 11.8th percentile
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.04%
11.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux | |
| Red Hat | Red Hat OpenShift Container Platform <4.14.0 | |
| Red Hat | Red Hat OpenShift Container Platform <4.13.4 | |
| Red Hat | Red Hat OpenShift Container Platform 4 | |
| Oracle | Oracle Linux | |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | |
| Red Hat | Red Hat OpenShift Container Platform <4.11.43 | |
| Gentoo | Gentoo Linux | |
| Atlassian | Atlassian Bitbucket <10.0.2 | |
| Red Hat | Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4 | |
| Red Hat | Red Hat Enterprise Linux Service Interconnect 1 | |
| Red Hat | Red Hat OpenShift Container Platform <4.12.46 | |
| Meinberg | Meinberg LANTIME <7.08.007 | |
| Fedora | Fedora Linux | |
| Atlassian | Atlassian Bitbucket <8.19.25 (LTS) | |
| Red Hat | Red Hat OpenShift Container Platform <4.12.22 | |
| Red Hat | Red Hat OpenShift Container Platform 4.12 | |
| Red Hat | Red Hat OpenShift Virtualization 4.13 | |
| Red Hat | Red Hat OpenShift Container Platform 4.11 | |
| Red Hat | Red Hat OpenShift Container Platform <4.11.44 |
…and 6 more
Timeline
- Apr 14, 2021 CVE Published
- Dec 28, 2022 EPSS Score
- Feb 7, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 21, 2023 EPSS Score
- May 1, 2023 EPSS Score
- Jun 11, 2023 EPSS Score
- Jul 23, 2023 EPSS Score
- Sep 2, 2023 EPSS Score
- Oct 13, 2023 EPSS Score
- Nov 24, 2023 EPSS Score
- Jan 4, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0111.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0111 advisory
- https://access.redhat.com/errata/RHSA-2022:7398 advisory
- https://access.redhat.com/errata/RHSA-2022:7399 advisory
- https://access.redhat.com/errata/RHSA-2023:0264 advisory
- https://linux.oracle.com/errata/ELSA-2023-0328.html advisory
- https://access.redhat.com/errata/RHSA-2023:0328 advisory
- https://access.redhat.com/errata/RHSA-2023:0445 advisory
- https://access.redhat.com/errata/RHSA-2023:0446 advisory
- http://linux.oracle.com/errata/ELSA-2023-0446.html advisory
- https://access.redhat.com/errata/RHSA-2023:0569 advisory
- https://access.redhat.com/errata/RHSA-2023:0570 advisory
- https://access.redhat.com/errata/RHSA-2023:0631 advisory
- https://access.redhat.com/errata/RHSA-2023:0709 advisory
- https://access.redhat.com/errata/RHSA-2023:0708 advisory
- https://access.redhat.com/errata/RHSA-2023:0727 advisory
- https://access.redhat.com/errata/RHSA-2023:0769 advisory
- https://access.redhat.com/errata/RHSA-2023:0774 advisory
- https://access.redhat.com/errata/RHSA-2023:1042 advisory
- https://access.redhat.com/errata/RHSA-2023:1174 advisory
…and 65 more