Gist sfowl/01eef38272098cf698605ab1ab7d73e9, created November 12, 2020 03:38
$ # OCP 4.2.z bugs
$ bugzilla --ensure-logged-in query --json --from-url \
    "buglist.cgi?product=OpenShift%20Container%20Platform&keywords=SecurityTracking&limit=50&bug_severity=high&bug_severity=urgent&target_release=4.2.z" | jq -r '.bugs[].summary' | sort -u | tee /tmp/all-4.2.z-trackers
CVE-2018-12207 machine-os-content-container: hw: Machine Check Error on Page Size Change (IPU) [openshift-4.2.z]
CVE-2019-10431 jenkins-2-plugins: jenkins-script-security: Sandbox bypass vulnerability in Script Security Plugin [openshift-4.2.z]
CVE-2019-10746 kibana: nodejs-mixin-deep: prototype pollution in function mixin-deep [openshift-4.2-default]
CVE-2019-16538 CVE-2020-2109 CVE-2020-2110 CVE-2020-2111 CVE-2020-2134 CVE-2020-2135 CVE-2020-2136 jenkins-2-plugins: various flaws [openshift-4.2.z]
CVE-2019-17638 CVE-2020-2229 CVE-2020-2230 CVE-2020-2231 jenkins: various flaws [openshift-4.2.z]
CVE-2019-9512 CVE-2019-9514 apb: various flaws [openshift-4.2]
CVE-2019-9512 CVE-2019-9514 containernetworking-plugins: various flaws [openshift-4.2]
CVE-2019-9512 CVE-2019-9514 golang-github-prometheus-promu: various flaws [openshift-4.2.z]
CVE-2020-10696 openshift-enterprise-builder-container: buildah: crafted input tar file may lead to local file overwriting during image build process [openshift-4.2.z]
CVE-2020-10696 podman: buildah: crafted input tar file may lead to local file overwriting during image build process [openshift-4.2.z]
CVE-2020-10712 ose-cluster-image-registry-operator-container: openshift/cluster-image-registry-operator: secrets disclosed in logs [openshift-4.2.z]
CVE-2020-2099 CVE-2020-2100 CVE-2020-2101 CVE-2020-2102 CVE-2020-2103 CVE-2020-2104 CVE-2020-2105 jenkins: various flaws [openshift-4.3.z]
CVE-2020-2160 CVE-2020-2161 CVE-2020-2162 CVE-2020-2163 jenkins: multiple vulnerabilities [openshift-4.2.z]
CVE-2020-2160 CVE-2020-2161 CVE-2020-2162 CVE-2020-2163 jenkins: various flaws [openshift-4.2.z]
CVE-2020-2220 CVE-2020-2221 CVE-2020-2222 CVE-2020-2223 jenkins: various flaws [openshift-4.2.z]
CVE-2020-2224 CVE-2020-2225 CVE-2020-2226 jenkins-2-plugins: various flaws [openshift-4.2.z]
CVE-2020-8608 slirp4netns: QEMU: Slirp: potential OOB access due to unsafe snprintf() usages [openshift-4.2.z]
EMBARGOED CVE-2020-8555 openshift-enterprise-hyperkube-container: kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information [openshift-4.2.z]
$ # Recent bugs fixed in errata
$ bugzilla --ensure-logged-in query --json --from-url "buglist.cgi?product=OpenShift%20Container%20Platform&keywords=SecurityTracking&limit=50&status=CLOSED&resolution=ERRATA&bug_severity=high&bug_severity=urgent&chfieldfrom=2020-09-01&chfieldto=Now" | jq -r '.bugs[].summary' | sed 's/\[openshift.*//' | sort -u | tee /tmp/recent-bugs
CVE-2019-16538 CVE-2020-2109 CVE-2020-2110 CVE-2020-2111 CVE-2020-2134 CVE-2020-2135 CVE-2020-2136 jenkins-2-plugins: various flaws
CVE-2019-17638 CVE-2020-2229 CVE-2020-2230 CVE-2020-2231 jenkins: various flaws
CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets
CVE-2020-2160 CVE-2020-2161 CVE-2020-2162 CVE-2020-2163 jenkins: multiple vulnerabilities
CVE-2020-2220 CVE-2020-2221 CVE-2020-2222 CVE-2020-2223 jenkins: various flaws
CVE-2020-2224 CVE-2020-2225 CVE-2020-2226 jenkins-2-plugins: various flaws
$ # Compare
$ grep -F -f /tmp/recent-bugs /tmp/all-4.2.z-trackers
CVE-2019-16538 CVE-2020-2109 CVE-2020-2110 CVE-2020-2111 CVE-2020-2134 CVE-2020-2135 CVE-2020-2136 jenkins-2-plugins: various flaws [openshift-4.2.z]
CVE-2019-17638 CVE-2020-2229 CVE-2020-2230 CVE-2020-2231 jenkins: various flaws [openshift-4.2.z]
CVE-2020-2160 CVE-2020-2161 CVE-2020-2162 CVE-2020-2163 jenkins: multiple vulnerabilities [openshift-4.2.z]
CVE-2020-2220 CVE-2020-2221 CVE-2020-2222 CVE-2020-2223 jenkins: various flaws [openshift-4.2.z]
CVE-2020-2224 CVE-2020-2225 CVE-2020-2226 jenkins-2-plugins: various flaws [openshift-4.2.z]
There are 4.2.z bugs for each of these already, except for CVE-2020-14336, which is actually a
Low (looks like Eng raised the tracker severity, but that's different from the flaw impact).
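The grep -F step above matches whole summary strings, so it lists the recently fixed bugs that already have a 4.2.z tracker and leaves the reader to spot by eye the one that does not. The script below is an added example, not part of the gist: it parses each summary into its CVE ids, component and release tag, then reports, per component, the CVE ids from the recent list that have no tracker. Matching on CVE ids rather than summary text also tolerates wording differences such as "multiple vulnerabilities" versus "various flaws", and the optional release filter exposes the fact that the tracker query returned one [openshift-4.3.z] bug despite target_release=4.2.z. Both input lists are constructed from the gist's own output; the function and variable names are this example's own.

```python
import re
from collections import defaultdict

# Summary lines as produced by `bugzilla query --json | jq -r '.bugs[].summary'`.
# Both lists are constructed from the gist's output above, not from a live query.
TRACKERS_4_2_Z = [
    "CVE-2018-12207 machine-os-content-container: hw: Machine Check Error on Page Size Change (IPU) [openshift-4.2.z]",
    "CVE-2019-10431 jenkins-2-plugins: jenkins-script-security: Sandbox bypass vulnerability in Script Security Plugin [openshift-4.2.z]",
    "CVE-2019-10746 kibana: nodejs-mixin-deep: prototype pollution in function mixin-deep [openshift-4.2-default]",
    "CVE-2019-16538 CVE-2020-2109 CVE-2020-2110 CVE-2020-2111 CVE-2020-2134 CVE-2020-2135 CVE-2020-2136 jenkins-2-plugins: various flaws [openshift-4.2.z]",
    "CVE-2019-17638 CVE-2020-2229 CVE-2020-2230 CVE-2020-2231 jenkins: various flaws [openshift-4.2.z]",
    "CVE-2019-9512 CVE-2019-9514 apb: various flaws [openshift-4.2]",
    "CVE-2019-9512 CVE-2019-9514 containernetworking-plugins: various flaws [openshift-4.2]",
    "CVE-2019-9512 CVE-2019-9514 golang-github-prometheus-promu: various flaws [openshift-4.2.z]",
    "CVE-2020-10696 openshift-enterprise-builder-container: buildah: crafted input tar file may lead to local file overwriting during image build process [openshift-4.2.z]",
    "CVE-2020-10696 podman: buildah: crafted input tar file may lead to local file overwriting during image build process [openshift-4.2.z]",
    "CVE-2020-10712 ose-cluster-image-registry-operator-container: openshift/cluster-image-registry-operator: secrets disclosed in logs [openshift-4.2.z]",
    "CVE-2020-2099 CVE-2020-2100 CVE-2020-2101 CVE-2020-2102 CVE-2020-2103 CVE-2020-2104 CVE-2020-2105 jenkins: various flaws [openshift-4.3.z]",
    "CVE-2020-2160 CVE-2020-2161 CVE-2020-2162 CVE-2020-2163 jenkins: multiple vulnerabilities [openshift-4.2.z]",
    "CVE-2020-2160 CVE-2020-2161 CVE-2020-2162 CVE-2020-2163 jenkins: various flaws [openshift-4.2.z]",
    "CVE-2020-2220 CVE-2020-2221 CVE-2020-2222 CVE-2020-2223 jenkins: various flaws [openshift-4.2.z]",
    "CVE-2020-2224 CVE-2020-2225 CVE-2020-2226 jenkins-2-plugins: various flaws [openshift-4.2.z]",
    "CVE-2020-8608 slirp4netns: QEMU: Slirp: potential OOB access due to unsafe snprintf() usages [openshift-4.2.z]",
    "EMBARGOED CVE-2020-8555 openshift-enterprise-hyperkube-container: kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information [openshift-4.2.z]",
]
RECENT_FIXED = [
    "CVE-2019-16538 CVE-2020-2109 CVE-2020-2110 CVE-2020-2111 CVE-2020-2134 CVE-2020-2135 CVE-2020-2136 jenkins-2-plugins: various flaws ",
    "CVE-2019-17638 CVE-2020-2229 CVE-2020-2230 CVE-2020-2231 jenkins: various flaws ",
    "CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets",
    "CVE-2020-2160 CVE-2020-2161 CVE-2020-2162 CVE-2020-2163 jenkins: multiple vulnerabilities ",
    "CVE-2020-2220 CVE-2020-2221 CVE-2020-2222 CVE-2020-2223 jenkins: various flaws ",
    "CVE-2020-2224 CVE-2020-2225 CVE-2020-2226 jenkins-2-plugins: various flaws ",
]

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
RELEASE_RE = re.compile(r"\s*\[(openshift[^\]]*)\]\s*$")


def parse_summary(summary):
    """Split a tracker summary into (frozenset of CVE ids, component, release tag or None)."""
    text = summary.strip()
    release = None
    match = RELEASE_RE.search(text)
    if match:                       # recent-bugs lines had the tag stripped by sed, so it may be absent
        release = match.group(1)
        text = text[: match.start()]
    if text.startswith("EMBARGOED "):   # embargoed trackers carry a prefix before the CVE ids
        text = text[len("EMBARGOED "):]
    cves = frozenset(CVE_RE.findall(text))
    # the component is the first colon-separated token once the CVE ids are removed
    component = CVE_RE.sub("", text).strip().split(":", 1)[0].strip()
    return cves, component, release


def index_trackers(summaries, release=None):
    """Map component -> set of CVE ids that have a tracker, optionally only for one release tag."""
    index = defaultdict(set)
    for summary in summaries:
        cves, component, tag = parse_summary(summary)
        if release is None or tag == release:
            index[component].update(cves)
    return index


def missing_trackers(recent, trackers, release=None):
    """Return {component: sorted CVE ids} for recently fixed CVEs with no tracker in `trackers`."""
    index = index_trackers(trackers, release)
    gaps = defaultdict(set)
    for summary in recent:
        cves, component, _ = parse_summary(summary)
        missing = cves - index.get(component, set())
        if missing:
            gaps[component].update(missing)
    return {component: sorted(ids) for component, ids in gaps.items()}


if __name__ == "__main__":
    for component, ids in missing_trackers(RECENT_FIXED, TRACKERS_4_2_Z).items():
        print(f"no 4.2.z tracker: {component}: {' '.join(ids)}")
```

Run stand-alone it prints the one gap, CVE-2020-14336 for ose-machine-config-operator-container, which is the conclusion the note above reaches by inspection. The release filter is an exact match on the bracketed tag, so `release="openshift-4.2.z"` deliberately ignores trackers tagged [openshift-4.2] or [openshift-4.2-default]; relax it to a prefix check if those should count as covered.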