Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Red Hat OpenShift 1.30.0 SP1 RHSA-2023:5480-01 Important: HTTP Bypass

red hat
Calendar Grey October 5, 2023
Dist Redhat Esm H88
OpenShift Serverless Logic has launched an essential security update tackling critical vulnerabilities, enhancing authentication, access controls, and logging features to protect applications
Release of OpenShift Serverless Operator 1.30.1 and OpenShift Serverless Logic 1.30.0 SP1 Red Hat Product Security has rated this update as having a security impact of Important

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

Red Hat OpenShift Serverless release of OpenShift Serverless Logic.
This release includes security fixes.
Security Fix(es):
* quarkus: HTTP security policy bypass (CVE-2023-4853)
For further information about CVE-2023-4853, see the Red Hat Security Bulletin link in the References section.
For more details about the security issues, including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE pages listed in the References section.

Topics%20covered

Topics Covered

security advisory security issue Red Hat important OpenShift serverless HTTP policy bypass

References

https://access.redhat.com/security/cve/CVE-2023-2602 https://access.redhat.com/security/cve/CVE-2023-2603 https://access.redhat.com/security/cve/CVE-2023-4853 https://access.redhat.com/security/cve/CVE-2023-22006 https://access.redhat.com/security/cve/CVE-2023-22036 https://access.redhat.com/security/cve/CVE-2023-22041 https://access.redhat.com/security/cve/CVE-2023-22044 https://access.redhat.com/security/cve/CVE-2023-22045 https://access.redhat.com/security/cve/CVE-2023-22049 https://access.redhat.com/security/cve/CVE-2023-25193 https://access.redhat.com/security/cve/CVE-2023-27536 https://access.redhat.com/security/cve/CVE-2023-28321 https://access.redhat.com/security/cve/CVE-2023-28484 https://access.redhat.com/security/cve/CVE-2023-29469 https://access.redhat.com/security/cve/CVE-2023-29491 https://access.redhat.com/security/cve/CVE-2023-34969 https://access.redhat.com/security/vulnerabilities/RHSB-2023-002 https://access.redhat.com/security/updates/classification#important https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33 https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33 https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33 Read the Full Advisory

Package List


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2023:5480-01
Product: Red Hat OpenShift Serverless
Advisory URL: https://access.redhat.com/errata/RHSA-2023:5480
Issue date: 2023-10-05

Topic

Release of OpenShift Serverless Operator 1.30.1 and OpenShift ServerlessLogic 1.30.0 SP1Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE links in the References section.

Topics%20covered

Topics Covered

security advisory security issue Red Hat important OpenShift serverless HTTP policy bypass

Relevant Releases Architectures

Bugs Fixed

2238034 - CVE-2023-4853 quarkus: HTTP security policy bypass

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here