Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-3344

EPSS 0.68% · P72
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-3344

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A privilege escalation flaw was found in OpenShift builder. During build time, credentials outside the build context are automatically mounted into the container image under construction. An OpenShift user, able to execute code during build time inside this container can re-use the credentials to overwrite arbitrary container images in internal registries and/or escalate their privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This affects github.com/openshift/builder v0.0.0-20210125201112-7901cb396121 and before.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
不充分的凭证保护机制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Red Hat OpenShift Container Platform 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Red Hat OpenShift Container Platform是美国红帽(Red Hat)公司的一套可帮助企业在物理、虚拟和公共云基础架构之间开发、部署和管理现有基于容器的应用程序的应用平台。 Red Hat OpenShift Container Platform存在安全漏洞。该漏洞源于在构建期间,构建上下文之外的凭据会自动安装到正在构建的容器映像中。OpenShift用户可以重用凭证在构建期间的这个容器内执行代码,以覆盖内部注册中心中的任意容器映像,或升级其特权。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-openshift/builder before github.com/openshift/builder v0.0.0-20210125201112-7901cb396121 -

II. Public POCs for CVE-2021-3344

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-3344

登录查看更多情报信息。

Same Patch Batch · n/a · 2021-03-16 · 15 CVEs total

CVE-2021-285434.0 MEDIUMMartin Blix Grydeland varnish-modules 代码问题漏洞
CVE-2020-24263Portainer 权限许可和访问控制问题漏洞
CVE-2020-24264Portainer 访问控制错误漏洞
CVE-2021-22887Pulse Secure PSA5000 and PSA7000 安全漏洞
CVE-2021-25916Paul Humphreys patchmerge 安全漏洞
CVE-2021-27938Silverstripe CMS 跨站脚本漏洞
CVE-2020-28899ZyXEL LTE4506-M606 访问控制错误漏洞
CVE-2021-28380TYPO3 跨站脚本漏洞
CVE-2021-28381TYPO3 SQL注入漏洞
CVE-2021-28294Egavilan Media Bakeshop Online Ordering System 代码问题漏洞
CVE-2021-28295Egavilan Media Bakeshop Online Ordering System SQL注入漏洞
CVE-2021-3127NATS Server 访问控制错误漏洞
CVE-2021-20218Rohan Kumar kubernetes-client 路径遍历漏洞
CVE-2019-3897红帽 Red Hat 安全漏洞

IV. Related Vulnerabilities

Same vendor: n/a
Same weakness: CWE-522

V. Comments for CVE-2021-3344

No comments yet

Leave a comment