Vulnerabilities > CVE-2018-1002105 - 7PK - Errors vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
kubernetes
redhat
netapp
CWE-388
critical
nessus
exploit available

Summary

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.

Vulnerable Configurations

Part Description Count
Application
Kubernetes
506
Application
Redhat
8
Application
Netapp
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping
    An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes any stack traces produced by error messages. Fuzzing techniques involve sending random or malformed messages to a target and monitoring the target's response. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to cause the targeted application to return an error including a stack trace, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. The stack trace enumerates the chain of methods that led up to the point where the error was encountered. This can not only reveal the names of the methods (some of which may have known weaknesses) but possibly also the location of class files and libraries as well as parameter values. In some cases, the stack trace might even disclose sensitive configuration or user information.
  • Fuzzing
    Fuzzing is a software testing method that feeds randomly constructed input to the system and looks for an indication that a failure in response to that input has occurred. Fuzzing treats the system as a black box and is totally free from any preconceptions or assumptions about the system. An attacker can leverage fuzzing to try to identify weaknesses in the system. For instance fuzzing can help an attacker discover certain assumptions made in the system about user input. Fuzzing gives an attacker a quick way of potentially uncovering some of these assumptions without really knowing anything about the internals of the system. These assumptions can then be turned against the system by specially crafting user input that may allow an attacker to achieve his goals.

Exploit-Db

  • fileexploits/multiple/remote/46052.py
    idEDB-ID:46052
    last seen2018-12-25
    modified2018-12-10
    platformmultiple
    port
    published2018-12-10
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/46052
    titleKubernetes - (Unauthenticated) Arbitrary Requests
    typeremote
  • fileexploits/multiple/remote/46053.py
    idEDB-ID:46053
    last seen2018-12-25
    modified2018-12-10
    platformmultiple
    port
    published2018-12-10
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/46053
    titleKubernetes - (Authenticated) Arbitrary Requests
    typeremote

Nessus

  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0112_KUBERNETES.NASL
    descriptionAn update of the kubernetes package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id122010
    published2019-02-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122010
    titlePhoton OS 2.0: Kubernetes PHSA-2018-2.0-0112
    code
    #
    # (C) Tenable Network Security, Inc.`
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2018-2.0-0112. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122010);
      script_version("1.2");
      script_cvs_date("Date: 2019/04/02 21:54:17");
    
      script_cve_id("CVE-2018-1002105");
    
      script_name(english:"Photon OS 2.0: Kubernetes PHSA-2018-2.0-0112");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the kubernetes package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-112.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1002105");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:kubernetes");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_exists(rpm:"kubernetes-1.10", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", reference:"kubernetes-1.10.11-1.ph2")) flag++;
    if (rpm_exists(rpm:"kubernetes-1.11", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", reference:"kubernetes-1.11.5-1.ph2")) flag++;
    if (rpm_exists(rpm:"kubernetes-debuginfo-1.10", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", reference:"kubernetes-debuginfo-1.10.11-1.ph2")) flag++;
    if (rpm_exists(rpm:"kubernetes-debuginfo-1.11", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", reference:"kubernetes-debuginfo-1.11.5-1.ph2")) flag++;
    if (rpm_exists(rpm:"kubernetes-kubeadm-1.10", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", reference:"kubernetes-kubeadm-1.10.11-1.ph2")) flag++;
    if (rpm_exists(rpm:"kubernetes-kubeadm-1.11", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", reference:"kubernetes-kubeadm-1.11.5-1.ph2")) flag++;
    if (rpm_exists(rpm:"kubernetes-kubectl-extras-1.10", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", reference:"kubernetes-kubectl-extras-1.10.11-1.ph2")) flag++;
    if (rpm_exists(rpm:"kubernetes-kubectl-extras-1.11", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", reference:"kubernetes-kubectl-extras-1.11.5-1.ph2")) flag++;
    if (rpm_exists(rpm:"kubernetes-pause-1.10", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", reference:"kubernetes-pause-1.10.11-1.ph2")) flag++;
    if (rpm_exists(rpm:"kubernetes-pause-1.11", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", reference:"kubernetes-pause-1.11.5-1.ph2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kubernetes");
    }
    
  • NASL familyMisc.
    NASL idRANCHER_2_1_3.NASL
    descriptionThe version of a Docker container of Rancher is prior to 1.6.25, 2.0.9, or 2.1.3 and, thus, is affected by a proxy request handling flaw contained in Kubernetes. A remote, unauthenticated attacker may be able to leverage API calls to escalate privileges via proxy request handling vulnerability. Note that a successful attack requires that an API extension server is directly accessible from the Kubernetes API server
    last seen2020-06-01
    modified2020-06-02
    plugin id119779
    published2018-12-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119779
    titleRancher < 1.6.25 / 2.0.9 / 2.1.3 Kubernetes Proxy Request Handling Vulnerability
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119779);
      script_version("1.2");
      script_cvs_date("Date: 2019/04/05 23:25:06");
    
      script_cve_id("CVE-2018-1002105");
      script_bugtraq_id(106068);
    
      script_name(english:"Rancher < 1.6.25 / 2.0.9 / 2.1.3 Kubernetes Proxy Request Handling Vulnerability");
      script_summary(english:"Checks version of Docker container.");
    
      script_set_attribute(attribute:"synopsis", value:
    "A Docker container of Rancher installed on the remote host is
    missing a security patch.");
      script_set_attribute(attribute:"description", value:
    "The version of a Docker container of Rancher is prior to 1.6.25,
    2.0.9, or 2.1.3 and, thus, is affected by a proxy request handling
    flaw contained in Kubernetes.
    
    A remote, unauthenticated attacker may be able to leverage API calls
    to escalate privileges via proxy request handling vulnerability.
    
    Note that a successful attack requires that an API extension server is
    directly accessible from the Kubernetes API server's network or that
    a cluster has granted pod exec, attach, port-forward permissions too
    loosely.");
      # https://forums.rancher.com/t/rancher-security-advisory-kubernetes-cve-2018-1002105/12598
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?abbbe5ed");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to version 1.6.25, 2.0.9, 2.1.3 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1002105");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date",value:"2018/12/05");
      script_set_attribute(attribute:"patch_publication_date",value:"2018/12/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/19");
    
      script_set_attribute(attribute:"plugin_type",value:"local");
      script_set_attribute(attribute:"cpe",value:"x-cpe:/a:rancher_labs:rancher");
      script_set_attribute(attribute:"potential_vulnerability",value:"true");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("rancher_local_detection.nbin");
      script_require_keys("installed_sw/Rancher", "Settings/ParanoidReport");
    
      exit(0);
    }
    
    include("vcf.inc");
    include("vcf_extras.inc");
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    app = "Rancher";
    
    get_install_count(app_name:app, exit_if_zero:TRUE);
    app_info = vcf::get_app_info(app:app);
    
    constraints = [
      {"fixed_version" : "1.6.25", "fixed_display" : "v1.6.25"},
      {"min_version"   : "2.0.0",  "fixed_version" : "2.0.9", "fixed_display" : "v2.0.9"},
      {"min_version"   : "2.1.0",  "fixed_version" : "2.1.3", "fixed_display" : "v2.1.3"}
    ];
    
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3537.NASL
    descriptionAn update is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat
    last seen2020-06-01
    modified2020-06-02
    plugin id119408
    published2018-12-04
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119408
    titleRHEL 7 : OpenShift Container Platform 3.11 (RHSA-2018:3537)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:3537. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119408);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/24 15:35:46");
    
      script_cve_id("CVE-2018-1002105", "CVE-2018-12115", "CVE-2018-3830");
      script_xref(name:"RHSA", value:"2018:3537");
    
      script_name(english:"RHEL 7 : OpenShift Container Platform 3.11 (RHSA-2018:3537)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update is now available for Red Hat OpenShift Container Platform
    3.11.
    
    Red Hat Product Security has rated this update as having a security
    impact of Critical. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Red Hat OpenShift Container Platform is Red Hat's cloud computing
    Kubernetes application platform solution designed for on-premise or
    private cloud deployments.
    
    Security Fix(es) :
    
    * A privilege escalation vulnerability exists in OpenShift Container
    Platform 3.x which allows for compromise of pods running on a compute
    node to which a pod is scheduled with normal user privilege. This
    access could include access to all secrets, pods, environment
    variables, running pod/container processes, and persistent volumes,
    including in privileged containers. Additionally, on versions 3.6 and
    higher of OpenShift Container Platform, this vulnerability allows
    cluster-admin level access to any API hosted by an aggregated API
    server. This includes the 'servicecatalog' API which is installed
    by default in 3.7 and later. Cluster-admin level access to the service
    catalog allows creation of brokered services by an unauthenticated
    user with escalated privileges in any namespace and on any node. This
    could lead to an attacker being allowed to deploy malicious code, or
    alter existing services. (CVE-2018-1002105)
    
    * nodejs: Out of bounds (OOB) write via UCS-2 encoding
    (CVE-2018-12115)
    
    * kibana: Cross-site scripting via the source field formatter
    (CVE-2018-3830)
    
    Space precludes documenting all of the bug fixes and enhancements in
    this advisory. See the following Release Notes documentation for
    details about these changes :
    
    https://docs.openshift.com/container-platform/3.11/release_notes/
    ocp_3_11_release_notes.html
    
    All OpenShift Container Platform 3.11 users are advised to upgrade to
    these updated packages and images."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/vulnerabilities/3716411"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://docs.openshift.com/container-platform/3.11/release_notes/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:3537"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-3830"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-12115"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-1002105"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-enterprise-service-catalog");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-enterprise-service-catalog-svcat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-cluster-autoscaler");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-descheduler");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-dockerregistry");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hyperkube");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hypershift");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-metrics-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node-problem-detector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-service-idler");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-web-console");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cri-o");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:golang-github-openshift-oauth-proxy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kibana");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kibana-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-playbooks");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-roles");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-enterprise-autoheal");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-enterprise-cluster-capacity");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-cephfs-provisioner");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-efs-provisioner");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-local-provisioner");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-manila-provisioner");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-snapshot-controller");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-snapshot-provisioner");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-monitor-project-lifecycle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-monitor-sample-app");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:prometheus");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:prometheus-alertmanager");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:prometheus-node-exporter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-elasticsearch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-nose-xcover");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/04");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:3537";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_exists(rpm:"atomic-enterprise-service-catalog-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-enterprise-service-catalog-3.11.43-1.git.1671.04b17f5.el7")) flag++;
      if (rpm_exists(rpm:"atomic-enterprise-service-catalog-svcat-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-enterprise-service-catalog-svcat-3.11.43-1.git.1671.04b17f5.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-3.11.43-1.git.0.647ac05.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-clients-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-clients-3.11.43-1.git.0.647ac05.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-clients-redistributable-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-clients-redistributable-3.11.43-1.git.0.647ac05.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-cluster-autoscaler-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-cluster-autoscaler-3.11.43-1.git.0.55c4e4b.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-descheduler-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-descheduler-3.11.43-1.git.300.a720f7f.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-docker-excluder-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"atomic-openshift-docker-excluder-3.11.43-1.git.0.647ac05.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-dockerregistry-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-dockerregistry-3.11.43-1.git.446.b80f8a1.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-excluder-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"atomic-openshift-excluder-3.11.43-1.git.0.647ac05.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-hyperkube-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-hyperkube-3.11.43-1.git.0.647ac05.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-hypershift-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-hypershift-3.11.43-1.git.0.647ac05.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-master-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-master-3.11.43-1.git.0.647ac05.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-metrics-server-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-metrics-server-3.11.43-1.git.52.6cc0a21.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-node-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-node-3.11.43-1.git.0.647ac05.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-node-problem-detector-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-node-problem-detector-3.11.43-1.git.252.f45475c.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-pod-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-pod-3.11.43-1.git.0.647ac05.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-sdn-ovs-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-sdn-ovs-3.11.43-1.git.0.647ac05.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-service-idler-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-service-idler-3.11.43-1.git.14.bbbb450.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-template-service-broker-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-template-service-broker-3.11.43-1.git.0.647ac05.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-tests-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-tests-3.11.43-1.git.0.647ac05.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-web-console-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-web-console-3.11.43-1.git.316.7753377.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"cri-o-1.11.8-2.rhaos3.11.git71cc465.el7")) flag++;
      if (rpm_exists(rpm:"golang-github-openshift-oauth-proxy-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"golang-github-openshift-oauth-proxy-3.11.43-1.git.419.03122b3.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jenkins-2-plugins-3.11.1539805268-1.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kibana-5.6.12-1.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kibana-debuginfo-5.6.12-1.el7")) flag++;
      if (rpm_exists(rpm:"openshift-ansible-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-3.11.43-1.git.0.fa69a02.el7")) flag++;
      if (rpm_exists(rpm:"openshift-ansible-docs-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-docs-3.11.43-1.git.0.fa69a02.el7")) flag++;
      if (rpm_exists(rpm:"openshift-ansible-playbooks-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-playbooks-3.11.43-1.git.0.fa69a02.el7")) flag++;
      if (rpm_exists(rpm:"openshift-ansible-roles-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-roles-3.11.43-1.git.0.fa69a02.el7")) flag++;
      if (rpm_exists(rpm:"openshift-enterprise-autoheal-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"openshift-enterprise-autoheal-3.11.43-1.git.219.be400cf.el7")) flag++;
      if (rpm_exists(rpm:"openshift-enterprise-cluster-capacity-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"openshift-enterprise-cluster-capacity-3.11.43-1.git.380.9cbcbb2.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"openshift-external-storage-cephfs-provisioner-0.0.2-4.gitd3c94f0.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"openshift-external-storage-debuginfo-0.0.2-4.gitd3c94f0.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"openshift-external-storage-efs-provisioner-0.0.2-4.gitd3c94f0.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"openshift-external-storage-local-provisioner-0.0.2-4.gitd3c94f0.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"openshift-external-storage-manila-provisioner-0.0.2-4.gitd3c94f0.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"openshift-external-storage-snapshot-controller-0.0.2-4.gitd3c94f0.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"openshift-external-storage-snapshot-provisioner-0.0.2-4.gitd3c94f0.el7")) flag++;
      if (rpm_exists(rpm:"openshift-monitor-project-lifecycle-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"openshift-monitor-project-lifecycle-3.11.43-1.git.59.662daae.el7")) flag++;
      if (rpm_exists(rpm:"openshift-monitor-sample-app-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"openshift-monitor-sample-app-3.11.43-1.git.5.83ab17f.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"prometheus-3.11.43-1.git.5021.31a8f1d.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"prometheus-alertmanager-3.11.43-1.git.0.19c2765.el7")) flag++;
      if (rpm_exists(rpm:"prometheus-node-exporter-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"prometheus-node-exporter-3.11.43-1.git.1060.0aff287.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"python-elasticsearch-5.5.5-1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"python-nose-xcover-1.0.10-1.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "atomic-enterprise-service-catalog / etc");
      }
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0202_KUBERNETES.NASL
    descriptionAn update of the kubernetes package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id122013
    published2019-02-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122013
    titlePhoton OS 1.0: Kubernetes PHSA-2019-1.0-0202
    code
    #
    # (C) Tenable Network Security, Inc.`
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2019-1.0-0202. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122013);
      script_version("1.2");
      script_cvs_date("Date: 2019/04/02 21:54:17");
    
      script_cve_id("CVE-2018-1002105");
    
      script_name(english:"Photon OS 1.0: Kubernetes PHSA-2019-1.0-0202");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the kubernetes package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-202.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1002105");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:kubernetes");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-1.0", reference:"kubernetes-1.9.6-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"kubernetes-debuginfo-1.9.6-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"kubernetes-kubeadm-1.9.6-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"kubernetes-pause-1.9.6-2.ph1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kubernetes");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3754.NASL
    descriptionAn update is now available for Red Hat OpenShift Container Platform release 3.3. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat
    last seen2020-06-01
    modified2020-06-02
    plugin id119416
    published2018-12-04
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119416
    titleRHEL 7 : OpenShift Container Platform 3.3 (RHSA-2018:3754)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:3754. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119416);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/24 15:35:46");
    
      script_cve_id("CVE-2018-1002105");
      script_xref(name:"RHSA", value:"2018:3754");
    
      script_name(english:"RHEL 7 : OpenShift Container Platform 3.3 (RHSA-2018:3754)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update is now available for Red Hat OpenShift Container Platform
    release 3.3.
    
    Red Hat Product Security has rated this update as having a security
    impact of Critical. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Red Hat OpenShift Container Platform is Red Hat's cloud computing
    Kubernetes application platform solution designed for on-premise or
    private cloud deployments.
    
    Security Fix(es) :
    
    * A privilege escalation vulnerability exists in OpenShift Container
    Platform 3.x which allows for compromise of pods running on a compute
    node to which a pod is scheduled with normal user privilege. This
    access could include access to all secrets, pods, environment
    variables, running pod/container processes, and persistent volumes,
    including in privileged containers. Additionally, on versions 3.6 and
    higher of OpenShift Container Platform, this vulnerability allows
    cluster-admin level access to any API hosted by an aggregated API
    server. This includes the 'servicecatalog' API which is installed
    by default in 3.7 and later. Cluster-admin level access to the service
    catalog allows creation of brokered services by an unauthenticated
    user with escalated privileges in any namespace and on any node. This
    could lead to an attacker being allowed to deploy malicious code, or
    alter existing services. (CVE-2018-1002105)
    
    This advisory contains the RPM packages for Red Hat OpenShift
    Container Platform 3.3. See the following advisory for the container
    images for this release :
    
    https://access.redhat.com/errata/RHBA-2018:3753
    
    https://docs.openshift.com/container-platform/3.3/release_notes/
    ocp_3_3_release_notes.html
    
    All OpenShift Container Platform 3.3 users are advised to upgrade to
    these updated packages and images."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHBA-2018:0114"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://docs.openshift.com/container-platform/3.3/release_notes/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:3754"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-1002105"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-dockerregistry");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-callback-plugins");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-filter-plugins");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-lookup-plugins");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-playbooks");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-roles");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tuned-profiles-atomic-openshift-node");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/04");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:3754";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_exists(rpm:"atomic-openshift-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-3.3.1.46.45-1.git.0.2ce596e.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-clients-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-clients-3.3.1.46.45-1.git.0.2ce596e.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-clients-redistributable-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-clients-redistributable-3.3.1.46.45-1.git.0.2ce596e.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-docker-excluder-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"atomic-openshift-docker-excluder-3.3.1.46.45-1.git.0.2ce596e.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-dockerregistry-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-dockerregistry-3.3.1.46.45-1.git.0.2ce596e.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-excluder-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"atomic-openshift-excluder-3.3.1.46.45-1.git.0.2ce596e.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-master-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-master-3.3.1.46.45-1.git.0.2ce596e.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-node-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-node-3.3.1.46.45-1.git.0.2ce596e.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-pod-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-pod-3.3.1.46.45-1.git.0.2ce596e.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-sdn-ovs-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-sdn-ovs-3.3.1.46.45-1.git.0.2ce596e.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-tests-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-tests-3.3.1.46.45-1.git.0.2ce596e.el7")) flag++;
      if (rpm_exists(rpm:"atomic-openshift-utils-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"atomic-openshift-utils-3.3.149-1.git.0.3859ddb.el7")) flag++;
      if (rpm_exists(rpm:"openshift-ansible-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-3.3.149-1.git.0.3859ddb.el7")) flag++;
      if (rpm_exists(rpm:"openshift-ansible-callback-plugins-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-callback-plugins-3.3.149-1.git.0.3859ddb.el7")) flag++;
      if (rpm_exists(rpm:"openshift-ansible-docs-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-docs-3.3.149-1.git.0.3859ddb.el7")) flag++;
      if (rpm_exists(rpm:"openshift-ansible-filter-plugins-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-filter-plugins-3.3.149-1.git.0.3859ddb.el7")) flag++;
      if (rpm_exists(rpm:"openshift-ansible-lookup-plugins-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-lookup-plugins-3.3.149-1.git.0.3859ddb.el7")) flag++;
      if (rpm_exists(rpm:"openshift-ansible-playbooks-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-playbooks-3.3.149-1.git.0.3859ddb.el7")) flag++;
      if (rpm_exists(rpm:"openshift-ansible-roles-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-roles-3.3.149-1.git.0.3859ddb.el7")) flag++;
      if (rpm_exists(rpm:"tuned-profiles-atomic-openshift-node-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"tuned-profiles-atomic-openshift-node-3.3.1.46.45-1.git.0.2ce596e.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "atomic-openshift / atomic-openshift-clients / etc");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2908.NASL
    descriptionAn update is now available for Red Hat OpenShift Container Platform 3.9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat
    last seen2020-06-01
    modified2020-06-02
    plugin id119407
    published2018-12-04
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119407
    titleRHEL 7 : OpenShift Container Platform 3.9 (RHSA-2018:2908)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3624.NASL
    descriptionAn update is now available for Red Hat OpenShift Container Platform release 3.5. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat
    last seen2020-06-01
    modified2020-06-02
    plugin id119412
    published2018-12-04
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119412
    titleRHEL 7 : OpenShift Container Platform 3.5 (RHSA-2018:3624)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-554.NASL
    descriptionThis update introduces kubernetes version 1.14.1 and cri-o 1.17.1 to Leap 15.1.
    last seen2020-04-30
    modified2020-04-27
    plugin id136011
    published2020-04-27
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136011
    titleopenSUSE Security Update : kubernetes (openSUSE-2020-554) (Dirty COW)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0112.NASL
    descriptionAn update of 'kubernetes' packages of Photon OS has been released.
    last seen2019-02-08
    modified2019-02-07
    plugin id119753
    published2018-12-18
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=119753
    titlePhoton OS 2.0: Kubernetes PHSA-2018-2.0-0112 (deprecated)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-3ECFF65275.NASL
    description - Allow to install cri-o as alternative to docker - Allow to install moby-engine as alternative to docker ---- Update to v1.12.5 (Verify backend upgraded connection) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122880
    published2019-03-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122880
    titleFedora 29 : kubernetes (2019-3ecff65275)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3549.NASL
    descriptionAn update is now available for Red Hat OpenShift Container Platform 3.10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat
    last seen2020-06-01
    modified2020-06-02
    plugin id119409
    published2018-12-04
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119409
    titleRHEL 7 : OpenShift Container Platform 3.10 (RHSA-2018:3549)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3551.NASL
    descriptionAn update is now available for Red Hat OpenShift Container Platform 3.8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat
    last seen2020-06-01
    modified2020-06-02
    plugin id119410
    published2018-12-04
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119410
    titleRHEL 7 : OpenShift Container Platform 3.8 (RHSA-2018:3551)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-314913636B.NASL
    description - Rebase to upstream 8de5c3442e56dbe05403990ce0821746673fd588, let
    last seen2020-06-05
    modified2019-01-03
    plugin id120332
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120332
    titleFedora 29 : origin (2018-314913636b)
  • NASL familyCGI abuses
    NASL idKUBE_CVE_2018_1002105.NASL
    descriptionA remote, unauthenticated attacker may be able to leverage API calls to escalate privileges via proxy request handling vulnerability. Note that a successful attack requires that an API extension server is directly accessible from the Kubernetes API server
    last seen2020-06-01
    modified2020-06-02
    plugin id119677
    published2018-12-14
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119677
    titleKubernetes proxy request handling vulnerability (CVE-2018-1002105)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2906.NASL
    descriptionAn update is now available for Red Hat OpenShift Container Platform release 3.7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat
    last seen2020-06-01
    modified2020-06-02
    plugin id119406
    published2018-12-04
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119406
    titleRHEL 7 : OpenShift Container Platform 3.7 (RHSA-2018:2906)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3752.NASL
    descriptionAn update is now available for Red Hat OpenShift Container Platform release 3.4. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat
    last seen2020-06-01
    modified2020-06-02
    plugin id119415
    published2018-12-04
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119415
    titleRHEL 7 : OpenShift Container Platform 3.4 (RHSA-2018:3752)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3598.NASL
    descriptionAn update is now available for Red Hat OpenShift Container Platform release 3.6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenShift Enterprise by Red Hat is the company
    last seen2020-06-01
    modified2020-06-02
    plugin id119411
    published2018-12-04
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119411
    titleRHEL 7 : OpenShift Container Platform 3.6 (RHSA-2018:3598)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3742.NASL
    descriptionAn update is now available for Red Hat OpenShift Container Platform 3.2. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat
    last seen2020-06-01
    modified2020-06-02
    plugin id119414
    published2018-12-04
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119414
    titleRHEL 7 : OpenShift Container Platform 3.2 (RHSA-2018:3742)
  • NASL familyCGI abuses
    NASL idKUBE_1_12_3.NASL
    descriptionThe version of Kubernetes installed on the remote host is version 1.x prior to 1.10.11, 1.11.x prior to 1.11.5, or 1.12.x prior to 1.12.3, and thus, is affected by a remote, unauthenticated privilege escalation vulnerability. Note that a successful attack requires that an API extension server is directly accessible from the Kubernetes API server
    last seen2020-06-01
    modified2020-06-02
    plugin id119327
    published2018-12-04
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119327
    titleKubernetes 1.x < 1.10.11 / 1.11.x < 1.11.5 / 1.12.x < 1.12.3 API Server Privilege Escalation

Redhat

advisories
  • rhsa
    idRHSA-2018:3537
  • rhsa
    idRHSA-2018:3549
  • rhsa
    idRHSA-2018:3551
  • rhsa
    idRHSA-2018:3598
  • rhsa
    idRHSA-2018:3624
  • rhsa
    idRHSA-2018:3742
  • rhsa
    idRHSA-2018:3752
  • rhsa
    idRHSA-2018:3754
rpms
  • atomic-openshift-0:3.7.72-1.git.0.925b9cd.el7
  • atomic-openshift-clients-0:3.7.72-1.git.0.925b9cd.el7
  • atomic-openshift-clients-redistributable-0:3.7.72-1.git.0.925b9cd.el7
  • atomic-openshift-cluster-capacity-0:3.7.72-1.git.0.925b9cd.el7
  • atomic-openshift-docker-excluder-0:3.7.72-1.git.0.925b9cd.el7
  • atomic-openshift-dockerregistry-0:3.7.72-1.git.0.925b9cd.el7
  • atomic-openshift-excluder-0:3.7.72-1.git.0.925b9cd.el7
  • atomic-openshift-federation-services-0:3.7.72-1.git.0.925b9cd.el7
  • atomic-openshift-master-0:3.7.72-1.git.0.925b9cd.el7
  • atomic-openshift-node-0:3.7.72-1.git.0.925b9cd.el7
  • atomic-openshift-pod-0:3.7.72-1.git.0.925b9cd.el7
  • atomic-openshift-sdn-ovs-0:3.7.72-1.git.0.925b9cd.el7
  • atomic-openshift-service-catalog-0:3.7.72-1.git.0.925b9cd.el7
  • atomic-openshift-template-service-broker-0:3.7.72-1.git.0.925b9cd.el7
  • atomic-openshift-tests-0:3.7.72-1.git.0.925b9cd.el7
  • atomic-openshift-utils-0:3.7.72-1.git.0.5c45a8a.el7
  • openshift-ansible-0:3.7.72-1.git.0.5c45a8a.el7
  • openshift-ansible-callback-plugins-0:3.7.72-1.git.0.5c45a8a.el7
  • openshift-ansible-docs-0:3.7.72-1.git.0.5c45a8a.el7
  • openshift-ansible-filter-plugins-0:3.7.72-1.git.0.5c45a8a.el7
  • openshift-ansible-lookup-plugins-0:3.7.72-1.git.0.5c45a8a.el7
  • openshift-ansible-playbooks-0:3.7.72-1.git.0.5c45a8a.el7
  • openshift-ansible-roles-0:3.7.72-1.git.0.5c45a8a.el7
  • tuned-profiles-atomic-openshift-node-0:3.7.72-1.git.0.925b9cd.el7
  • atomic-openshift-0:3.9.51-1.git.0.dc3a40b.el7
  • atomic-openshift-clients-0:3.9.51-1.git.0.dc3a40b.el7
  • atomic-openshift-clients-redistributable-0:3.9.51-1.git.0.dc3a40b.el7
  • atomic-openshift-cluster-capacity-0:3.9.51-1.git.0.dc3a40b.el7
  • atomic-openshift-docker-excluder-0:3.9.51-1.git.0.dc3a40b.el7
  • atomic-openshift-dockerregistry-0:3.9.51-1.git.353.7685923.el7
  • atomic-openshift-excluder-0:3.9.51-1.git.0.dc3a40b.el7
  • atomic-openshift-federation-services-0:3.9.51-1.git.0.dc3a40b.el7
  • atomic-openshift-master-0:3.9.51-1.git.0.dc3a40b.el7
  • atomic-openshift-node-0:3.9.51-1.git.0.dc3a40b.el7
  • atomic-openshift-pod-0:3.9.51-1.git.0.dc3a40b.el7
  • atomic-openshift-sdn-ovs-0:3.9.51-1.git.0.dc3a40b.el7
  • atomic-openshift-service-catalog-0:3.9.51-1.git.0.dc3a40b.el7
  • atomic-openshift-template-service-broker-0:3.9.51-1.git.0.dc3a40b.el7
  • atomic-openshift-tests-0:3.9.51-1.git.0.dc3a40b.el7
  • atomic-openshift-utils-0:3.9.51-1.git.0.c4968ca.el7
  • atomic-openshift-web-console-0:3.9.51-1.git.268.c379530.el7
  • fluentd-0:0.12.43-3.el7
  • fluentd-debuginfo-0:0.12.43-3.el7
  • fluentd-doc-0:0.12.43-3.el7
  • openshift-ansible-0:3.9.51-1.git.0.c4968ca.el7
  • openshift-ansible-docs-0:3.9.51-1.git.0.c4968ca.el7
  • openshift-ansible-playbooks-0:3.9.51-1.git.0.c4968ca.el7
  • openshift-ansible-roles-0:3.9.51-1.git.0.c4968ca.el7
  • openshift-elasticsearch-plugin-0:2.4.4.23__redhat_1-3.el7
  • prometheus-node-exporter-0:3.9.51-1.git.1060.2055e02.el7
  • rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.3-2.el7
  • rubygem-fluent-plugin-kubernetes_metadata_filter-doc-0:1.0.3-2.el7
  • atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7
  • atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7
  • atomic-openshift-0:3.11.43-1.git.0.647ac05.el7
  • atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7
  • atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7
  • atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7
  • atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7
  • atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7
  • atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7
  • atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7
  • atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7
  • atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7
  • atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7
  • atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7
  • atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7
  • atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7
  • atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7
  • atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7
  • atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7
  • atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7
  • atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7
  • atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7
  • cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7
  • golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7
  • jenkins-2-plugins-0:3.11.1539805268-1.el7
  • kibana-0:5.6.12-1.el7
  • kibana-debuginfo-0:5.6.12-1.el7
  • openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7
  • openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7
  • openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7
  • openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7
  • openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7
  • openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7
  • openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7
  • openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7
  • openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7
  • openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7
  • openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7
  • openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7
  • openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7
  • openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7
  • openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7
  • prometheus-0:3.11.43-1.git.5021.31a8f1d.el7
  • prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7
  • prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7
  • python-elasticsearch-0:5.5.5-1.el7
  • python-nose-xcover-0:1.0.10-1.el7
  • atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7
  • atomic-enterprise-service-catalog-svcat-1:3.10.72-1.git.1450.7d3f435.el7
  • atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7
  • atomic-openshift-clients-0:3.10.72-1.git.0.3cb2fdc.el7
  • atomic-openshift-clients-redistributable-0:3.10.72-1.git.0.3cb2fdc.el7
  • atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7
  • atomic-openshift-docker-excluder-0:3.10.72-1.git.0.3cb2fdc.el7
  • atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7
  • atomic-openshift-excluder-0:3.10.72-1.git.0.3cb2fdc.el7
  • atomic-openshift-hyperkube-0:3.10.72-1.git.0.3cb2fdc.el7
  • atomic-openshift-hypershift-0:3.10.72-1.git.0.3cb2fdc.el7
  • atomic-openshift-master-0:3.10.72-1.git.0.3cb2fdc.el7
  • atomic-openshift-node-0:3.10.72-1.git.0.3cb2fdc.el7
  • atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7
  • atomic-openshift-pod-0:3.10.72-1.git.0.3cb2fdc.el7
  • atomic-openshift-sdn-ovs-0:3.10.72-1.git.0.3cb2fdc.el7
  • atomic-openshift-template-service-broker-0:3.10.72-1.git.0.3cb2fdc.el7
  • atomic-openshift-tests-0:3.10.72-1.git.0.3cb2fdc.el7
  • atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7
  • openshift-ansible-0:3.10.73-1.git.0.8b65cea.el7
  • openshift-ansible-docs-0:3.10.73-1.git.0.8b65cea.el7
  • openshift-ansible-playbooks-0:3.10.73-1.git.0.8b65cea.el7
  • openshift-ansible-roles-0:3.10.73-1.git.0.8b65cea.el7
  • openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7
  • openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7
  • openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7
  • prometheus-node-exporter-0:3.10.72-1.git.1060.64daa26.el7
  • atomic-openshift-0:3.8.44-1.git.0.9be0abd.el7
  • atomic-openshift-clients-0:3.8.44-1.git.0.9be0abd.el7
  • atomic-openshift-clients-redistributable-0:3.8.44-1.git.0.9be0abd.el7
  • atomic-openshift-cluster-capacity-0:3.8.44-1.git.0.9be0abd.el7
  • atomic-openshift-descheduler-0:0.3.0-1.el7
  • atomic-openshift-docker-excluder-0:3.8.44-1.git.0.9be0abd.el7
  • atomic-openshift-dockerregistry-0:3.8.44-1.git.224.90f9341.el7
  • atomic-openshift-excluder-0:3.8.44-1.git.0.9be0abd.el7
  • atomic-openshift-federation-services-0:3.8.44-1.git.0.9be0abd.el7
  • atomic-openshift-master-0:3.8.44-1.git.0.9be0abd.el7
  • atomic-openshift-node-0:3.8.44-1.git.0.9be0abd.el7
  • atomic-openshift-node-problem-detector-0:3.7.0-0.el7
  • atomic-openshift-pod-0:3.8.44-1.git.0.9be0abd.el7
  • atomic-openshift-sdn-ovs-0:3.8.44-1.git.0.9be0abd.el7
  • atomic-openshift-service-catalog-0:3.8.44-1.git.0.9be0abd.el7
  • atomic-openshift-template-service-broker-0:3.8.44-1.git.0.9be0abd.el7
  • atomic-openshift-tests-0:3.8.44-1.git.0.9be0abd.el7
  • atomic-openshift-utils-0:3.8.44-1.git.0.2bfde74.el7
  • openshift-ansible-0:3.8.44-1.git.0.2bfde74.el7
  • openshift-ansible-docs-0:3.8.44-1.git.0.2bfde74.el7
  • openshift-ansible-playbooks-0:3.8.44-1.git.0.2bfde74.el7
  • openshift-ansible-roles-0:3.8.44-1.git.0.2bfde74.el7
  • python-paramiko-0:2.1.1-4.el7
  • python-paramiko-doc-0:2.1.1-4.el7
  • tuned-profiles-atomic-openshift-node-0:3.8.44-1.git.0.9be0abd.el7
  • atomic-openshift-0:3.6.173.0.140-1.git.0.9686d52.el7
  • atomic-openshift-clients-0:3.6.173.0.140-1.git.0.9686d52.el7
  • atomic-openshift-clients-redistributable-0:3.6.173.0.140-1.git.0.9686d52.el7
  • atomic-openshift-cluster-capacity-0:3.6.173.0.140-1.git.0.9686d52.el7
  • atomic-openshift-docker-excluder-0:3.6.173.0.140-1.git.0.9686d52.el7
  • atomic-openshift-dockerregistry-0:3.6.173.0.140-1.git.0.9686d52.el7
  • atomic-openshift-excluder-0:3.6.173.0.140-1.git.0.9686d52.el7
  • atomic-openshift-federation-services-0:3.6.173.0.140-1.git.0.9686d52.el7
  • atomic-openshift-master-0:3.6.173.0.140-1.git.0.9686d52.el7
  • atomic-openshift-node-0:3.6.173.0.140-1.git.0.9686d52.el7
  • atomic-openshift-pod-0:3.6.173.0.140-1.git.0.9686d52.el7
  • atomic-openshift-sdn-ovs-0:3.6.173.0.140-1.git.0.9686d52.el7
  • atomic-openshift-service-catalog-0:3.6.173.0.140-1.git.0.9686d52.el7
  • atomic-openshift-tests-0:3.6.173.0.140-1.git.0.9686d52.el7
  • atomic-openshift-utils-0:3.6.173.0.140-1.git.0.0ccb19b.el7
  • openshift-ansible-0:3.6.173.0.140-1.git.0.0ccb19b.el7
  • openshift-ansible-callback-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7
  • openshift-ansible-docs-0:3.6.173.0.140-1.git.0.0ccb19b.el7
  • openshift-ansible-filter-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7
  • openshift-ansible-lookup-plugins-0:3.6.173.0.140-1.git.0.0ccb19b.el7
  • openshift-ansible-playbooks-0:3.6.173.0.140-1.git.0.0ccb19b.el7
  • openshift-ansible-roles-0:3.6.173.0.140-1.git.0.0ccb19b.el7
  • tuned-profiles-atomic-openshift-node-0:3.6.173.0.140-1.git.0.9686d52.el7
  • atomic-openshift-0:3.5.5.31.80-1.git.0.c4a0780.el7
  • atomic-openshift-clients-0:3.5.5.31.80-1.git.0.c4a0780.el7
  • atomic-openshift-clients-redistributable-0:3.5.5.31.80-1.git.0.c4a0780.el7
  • atomic-openshift-docker-excluder-0:3.5.5.31.80-1.git.0.c4a0780.el7
  • atomic-openshift-dockerregistry-0:3.5.5.31.80-1.git.0.c4a0780.el7
  • atomic-openshift-excluder-0:3.5.5.31.80-1.git.0.c4a0780.el7
  • atomic-openshift-master-0:3.5.5.31.80-1.git.0.c4a0780.el7
  • atomic-openshift-node-0:3.5.5.31.80-1.git.0.c4a0780.el7
  • atomic-openshift-pod-0:3.5.5.31.80-1.git.0.c4a0780.el7
  • atomic-openshift-sdn-ovs-0:3.5.5.31.80-1.git.0.c4a0780.el7
  • atomic-openshift-tests-0:3.5.5.31.80-1.git.0.c4a0780.el7
  • atomic-openshift-utils-0:3.5.175-1.git.0.1274ebe.el7
  • cockpit-debuginfo-0:160-3.el7
  • cockpit-kubernetes-0:160-3.el7
  • openshift-ansible-0:3.5.175-1.git.0.1274ebe.el7
  • openshift-ansible-callback-plugins-0:3.5.175-1.git.0.1274ebe.el7
  • openshift-ansible-docs-0:3.5.175-1.git.0.1274ebe.el7
  • openshift-ansible-filter-plugins-0:3.5.175-1.git.0.1274ebe.el7
  • openshift-ansible-lookup-plugins-0:3.5.175-1.git.0.1274ebe.el7
  • openshift-ansible-playbooks-0:3.5.175-1.git.0.1274ebe.el7
  • openshift-ansible-roles-0:3.5.175-1.git.0.1274ebe.el7
  • tuned-profiles-atomic-openshift-node-0:3.5.5.31.80-1.git.0.c4a0780.el7
  • atomic-openshift-0:3.2.1.34-2.git.20.6367d5d.el7
  • atomic-openshift-clients-0:3.2.1.34-2.git.20.6367d5d.el7
  • atomic-openshift-clients-redistributable-0:3.2.1.34-2.git.20.6367d5d.el7
  • atomic-openshift-docker-excluder-0:3.2.1.34-2.git.20.6367d5d.el7
  • atomic-openshift-dockerregistry-0:3.2.1.34-2.git.20.6367d5d.el7
  • atomic-openshift-excluder-0:3.2.1.34-2.git.20.6367d5d.el7
  • atomic-openshift-master-0:3.2.1.34-2.git.20.6367d5d.el7
  • atomic-openshift-node-0:3.2.1.34-2.git.20.6367d5d.el7
  • atomic-openshift-pod-0:3.2.1.34-2.git.20.6367d5d.el7
  • atomic-openshift-recycle-0:3.2.1.34-2.git.20.6367d5d.el7
  • atomic-openshift-sdn-ovs-0:3.2.1.34-2.git.20.6367d5d.el7
  • atomic-openshift-tests-0:3.2.1.34-2.git.20.6367d5d.el7
  • tuned-profiles-atomic-openshift-node-0:3.2.1.34-2.git.20.6367d5d.el7
  • atomic-openshift-0:3.4.1.44.57-1.git.0.a631031.el7
  • atomic-openshift-clients-0:3.4.1.44.57-1.git.0.a631031.el7
  • atomic-openshift-clients-redistributable-0:3.4.1.44.57-1.git.0.a631031.el7
  • atomic-openshift-docker-excluder-0:3.4.1.44.57-1.git.0.a631031.el7
  • atomic-openshift-dockerregistry-0:3.4.1.44.57-1.git.0.a631031.el7
  • atomic-openshift-excluder-0:3.4.1.44.57-1.git.0.a631031.el7
  • atomic-openshift-master-0:3.4.1.44.57-1.git.0.a631031.el7
  • atomic-openshift-node-0:3.4.1.44.57-1.git.0.a631031.el7
  • atomic-openshift-pod-0:3.4.1.44.57-1.git.0.a631031.el7
  • atomic-openshift-sdn-ovs-0:3.4.1.44.57-1.git.0.a631031.el7
  • atomic-openshift-tests-0:3.4.1.44.57-1.git.0.a631031.el7
  • atomic-openshift-utils-0:3.4.172-1.git.0.33fe526.el7
  • openshift-ansible-0:3.4.172-1.git.0.33fe526.el7
  • openshift-ansible-callback-plugins-0:3.4.172-1.git.0.33fe526.el7
  • openshift-ansible-docs-0:3.4.172-1.git.0.33fe526.el7
  • openshift-ansible-filter-plugins-0:3.4.172-1.git.0.33fe526.el7
  • openshift-ansible-lookup-plugins-0:3.4.172-1.git.0.33fe526.el7
  • openshift-ansible-playbooks-0:3.4.172-1.git.0.33fe526.el7
  • openshift-ansible-roles-0:3.4.172-1.git.0.33fe526.el7
  • tuned-profiles-atomic-openshift-node-0:3.4.1.44.57-1.git.0.a631031.el7
  • atomic-openshift-0:3.3.1.46.45-1.git.0.2ce596e.el7
  • atomic-openshift-clients-0:3.3.1.46.45-1.git.0.2ce596e.el7
  • atomic-openshift-clients-redistributable-0:3.3.1.46.45-1.git.0.2ce596e.el7
  • atomic-openshift-docker-excluder-0:3.3.1.46.45-1.git.0.2ce596e.el7
  • atomic-openshift-dockerregistry-0:3.3.1.46.45-1.git.0.2ce596e.el7
  • atomic-openshift-excluder-0:3.3.1.46.45-1.git.0.2ce596e.el7
  • atomic-openshift-master-0:3.3.1.46.45-1.git.0.2ce596e.el7
  • atomic-openshift-node-0:3.3.1.46.45-1.git.0.2ce596e.el7
  • atomic-openshift-pod-0:3.3.1.46.45-1.git.0.2ce596e.el7
  • atomic-openshift-sdn-ovs-0:3.3.1.46.45-1.git.0.2ce596e.el7
  • atomic-openshift-tests-0:3.3.1.46.45-1.git.0.2ce596e.el7
  • atomic-openshift-utils-0:3.3.149-1.git.0.3859ddb.el7
  • openshift-ansible-0:3.3.149-1.git.0.3859ddb.el7
  • openshift-ansible-callback-plugins-0:3.3.149-1.git.0.3859ddb.el7
  • openshift-ansible-docs-0:3.3.149-1.git.0.3859ddb.el7
  • openshift-ansible-filter-plugins-0:3.3.149-1.git.0.3859ddb.el7
  • openshift-ansible-lookup-plugins-0:3.3.149-1.git.0.3859ddb.el7
  • openshift-ansible-playbooks-0:3.3.149-1.git.0.3859ddb.el7
  • openshift-ansible-roles-0:3.3.149-1.git.0.3859ddb.el7
  • tuned-profiles-atomic-openshift-node-0:3.3.1.46.45-1.git.0.2ce596e.el7