The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8686 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution     designed for on-premise or private cloud deployments.

    This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.16.20. See the     following advisory for the container images for this release:

    https://access.redhat.com/errata/RHSA-2024:8683

    Security Fix(es):

    * buildah: Buildah allows arbitrary directory mount (CVE-2024-9675)
    * Podman: Buildah: CRI-O: symlink traversal vulnerability in the     containers/storage library can cause Denial of Service (DoS)     (CVE-2024-9676)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    All OpenShift Container Platform 4.16 users are advised to upgrade to these updated packages and images     when they are available in the appropriate release channel. To check for available updates, use the     OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at     https://docs.openshift.com/container-platform/4.16/updating/updating_a_cluster/updating-cluster-cli.html

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 / 9 : OpenShift Container Platform 4.16.20 (RHSA-2024:8686)

high Nessus Plugin ID 210452

Version 1.2