CWE-354
Improper Validation of Integrity Check Value
The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
CVE-2024-34714 (GCVE-0-2024-34714)
Vulnerability from cvelistv5 – Published: 2024-05-14 14:48 – Updated: 2024-08-02 02:59
VLAI
Title
Hoppscotch Extension responds to calls made by origins not in the domain list
Summary
The Hoppscotch Browser Extension is a browser extension for Hoppscotch, a community-driven end-to-end open-source API development ecosystem. Due to an oversight during a change made to the extension in the commit d4e8e4830326f46ba17acd1307977ecd32a85b58, a critical check for the origin list was missed and allowed for messages to be sent to the extension which the extension gladly processed and responded back with the results of, while this wasn't supposed to happen and be blocked by the origin not being present in the origin list.
This vulnerability exposes Hoppscotch Extension users to sites which call into Hoppscotch Extension APIs internally. This fundamentally allows any site running on the browser with the extension installed to bypass CORS restrictions if the user is running extensions with the given version. This security hole was patched in the commit 7e364b928ab722dc682d0fcad713a96cc38477d6 which was released along with the extension version `0.35`. As a workaround, Chrome users can use the Extensions Settings to disable the extension access to only the origins that you want. Firefox doesn't have an alternative to upgrading to a fixed version.
Severity
7.6 (High)
CWE
- CWE-354 - Improper Validation of Integrity Check Value
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/hoppscotch/hoppscotch-extensio… | x_refsource_CONFIRM |
| https://github.com/hoppscotch/hoppscotch-extensio… | x_refsource_MISC |
| https://github.com/hoppscotch/hoppscotch-extensio… | x_refsource_MISC |
| https://server.yadhu.in/poc/hoppscotch-poc.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| hoppscotch | hoppscotch-extension |
Affected:
>= 0.28, < 0.35
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hoppscotch:hoppscotch_extension:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hoppscotch_extension",
"vendor": "hoppscotch",
"versions": [
{
"lessThan": "0.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T16:03:31.682244Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T19:11:08.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:22.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/hoppscotch/hoppscotch-extension/security/advisories/GHSA-jjh5-pvqx-gg5v",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/hoppscotch/hoppscotch-extension/security/advisories/GHSA-jjh5-pvqx-gg5v"
},
{
"name": "https://github.com/hoppscotch/hoppscotch-extension/commit/7e364b928ab722dc682d0fcad713a96cc38477d6",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/hoppscotch/hoppscotch-extension/commit/7e364b928ab722dc682d0fcad713a96cc38477d6"
},
{
"name": "https://github.com/hoppscotch/hoppscotch-extension/commit/d4e8e4830326f46ba17acd1307977ecd32a85b58",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/hoppscotch/hoppscotch-extension/commit/d4e8e4830326f46ba17acd1307977ecd32a85b58"
},
{
"name": "https://server.yadhu.in/poc/hoppscotch-poc.html",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://server.yadhu.in/poc/hoppscotch-poc.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "hoppscotch-extension",
"vendor": "hoppscotch",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.28, \u003c 0.35"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Hoppscotch Browser Extension is a browser extension for Hoppscotch, a community-driven end-to-end open-source API development ecosystem. Due to an oversight during a change made to the extension in the commit d4e8e4830326f46ba17acd1307977ecd32a85b58, a critical check for the origin list was missed and allowed for messages to be sent to the extension which the extension gladly processed and responded back with the results of, while this wasn\u0027t supposed to happen and be blocked by the origin not being present in the origin list.\n\nThis vulnerability exposes Hoppscotch Extension users to sites which call into Hoppscotch Extension APIs internally. This fundamentally allows any site running on the browser with the extension installed to bypass CORS restrictions if the user is running extensions with the given version. This security hole was patched in the commit 7e364b928ab722dc682d0fcad713a96cc38477d6 which was released along with the extension version `0.35`. As a workaround, Chrome users can use the Extensions Settings to disable the extension access to only the origins that you want. Firefox doesn\u0027t have an alternative to upgrading to a fixed version."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354: Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T14:48:36.879Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/hoppscotch/hoppscotch-extension/security/advisories/GHSA-jjh5-pvqx-gg5v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hoppscotch/hoppscotch-extension/security/advisories/GHSA-jjh5-pvqx-gg5v"
},
{
"name": "https://github.com/hoppscotch/hoppscotch-extension/commit/7e364b928ab722dc682d0fcad713a96cc38477d6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hoppscotch/hoppscotch-extension/commit/7e364b928ab722dc682d0fcad713a96cc38477d6"
},
{
"name": "https://github.com/hoppscotch/hoppscotch-extension/commit/d4e8e4830326f46ba17acd1307977ecd32a85b58",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hoppscotch/hoppscotch-extension/commit/d4e8e4830326f46ba17acd1307977ecd32a85b58"
},
{
"name": "https://server.yadhu.in/poc/hoppscotch-poc.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://server.yadhu.in/poc/hoppscotch-poc.html"
}
],
"source": {
"advisory": "GHSA-jjh5-pvqx-gg5v",
"discovery": "UNKNOWN"
},
"title": "Hoppscotch Extension responds to calls made by origins not in the domain list"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-34714",
"datePublished": "2024-05-14T14:48:36.879Z",
"dateReserved": "2024-05-07T13:53:00.133Z",
"dateUpdated": "2024-08-02T02:59:22.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3727 (GCVE-0-2024-3727)
Vulnerability from cvelistv5 – Published: 2024-05-09 14:57 – Updated: 2026-04-29 18:07
VLAI
Title
Containers/image: digest type does not guarantee valid type
Summary
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
Severity
8.3 (High)
CWE
- CWE-354 - Improper Validation of Integrity Check Value
Assigner
References
27 references
Impacted products
168 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
0 , < 5.29.3
(semver)
Affected: 5.30.0 , < 5.30.1 (semver) |
|||
| Red Hat | OADP-1.3-RHEL-9 |
Unaffected:
1.3.4-9 , < *
(rpm)
cpe:/a:redhat:openshift_api_data_protection:1.3::el9 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.4 |
Unaffected:
4.4.5-2 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.4::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.4 |
Unaffected:
4.4.5-2 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.4::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.4 |
Unaffected:
4.4.5-2 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.4::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.4 |
Unaffected:
4.4.5-4 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.4::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.4 |
Unaffected:
4.4.5-3 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.4::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.4 |
Unaffected:
4.4.5-2 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.4::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.4 |
Unaffected:
4.4.5-2 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.4::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.4 |
Unaffected:
4.4.5-2 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.4::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.4 |
Unaffected:
4.4.5-3 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.4::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.4 |
Unaffected:
4.4.5-2 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.4::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.4 |
Unaffected:
4.4.5-2 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.4::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.4 |
Unaffected:
4.4.5-3 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.4::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.4 |
Unaffected:
4.4.5-3 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.4::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.5 |
Unaffected:
4.5.2-2 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.5::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.5 |
Unaffected:
4.5.2-2 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.5::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.5 |
Unaffected:
4.5.2-2 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.5::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.5 |
Unaffected:
4.5.2-2 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.5::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.5 |
Unaffected:
4.5.2-2 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.5::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.5 |
Unaffected:
4.5.2-2 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.5::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.5 |
Unaffected:
4.5.2-2 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.5::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.5 |
Unaffected:
4.5.2-2 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.5::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.5 |
Unaffected:
4.5.2-2 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.5::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.5 |
Unaffected:
4.5.2-2 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.5::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.5 |
Unaffected:
4.5.2-1 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.5::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.5 |
Unaffected:
4.5.2-2 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.5::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security 4.5 |
Unaffected:
4.5.2-2 , < *
(rpm)
cpe:/a:redhat:advanced_cluster_security:4.5::el8 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
8100020240808093819.afee755d , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
2:1.37.2-1.el9 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
2:1.16.1-1.el9 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
2:5.2.2-1.el9 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Migration Toolkit for Containers 1.8 |
Unaffected:
v1.8.4-22 , < *
(rpm)
cpe:/a:redhat:rhmt:1.8::el8 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.13 |
Unaffected:
3:4.4.1-13.rhaos4.13.el8 , < *
(rpm)
cpe:/a:redhat:openshift:4.13::el8 cpe:/a:redhat:openshift:4.13::el9 cpe:/a:redhat:openshift_ironic:4.13::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.13 |
Unaffected:
2:1.11.3-3.rhaos4.13.el8 , < *
(rpm)
cpe:/a:redhat:openshift:4.13::el8 cpe:/a:redhat:openshift:4.13::el9 cpe:/a:redhat:openshift_ironic:4.13::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.14 |
Unaffected:
v4.14.0-202407260439.p0.g8d9b39e.assembly.stream.el8 , < *
(rpm)
cpe:/a:redhat:openshift:4.14::el8 cpe:/a:redhat:openshift:4.14::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.14 |
Unaffected:
3:4.4.1-19.rhaos4.14.el8 , < *
(rpm)
cpe:/a:redhat:openshift:4.14::el8 cpe:/a:redhat:openshift:4.14::el9 cpe:/a:redhat:openshift_ironic:4.14::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.14 |
Unaffected:
2:1.11.3-3.rhaos4.14.el8 , < *
(rpm)
cpe:/a:redhat:openshift:4.14::el8 cpe:/a:redhat:openshift:4.14::el9 cpe:/a:redhat:openshift_ironic:4.14::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409172305.p0.g17536c8.assembly.stream.el8 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409171307.p0.ged4651a.assembly.stream.el8 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409161436.p0.g1f44c02.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409120135.p0.gf7f5eed.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409131835.p0.gadccbd5.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409120135.p0.g8425d88.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409130735.p0.gc03231f.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409131635.p0.gb73e37f.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409161836.p0.g092d15b.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409180105.p0.g1fdd5b0.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409180905.p0.gf6f61ca.assembly.stream.el8 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409171307.p0.g160e7ca.assembly.stream.el8 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409131635.p0.gb7c1d6a.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409111636.p0.gf0c44f6.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409120135.p0.g3ab953d.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409111636.p0.g9ea52de.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409111636.p0.gd80fe46.assembly.stream.el8 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409120135.p0.g8de6f94.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409171307.p0.g5d529dd.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409180305.p0.g1da79fe.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409180305.p0.g1da79fe.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409172305.p0.g5af0be8.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409172305.p0.g5af0be8.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409130536.p0.g1d6a7ed.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409161436.p0.g4121cfc.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409120135.p0.g71a6f28.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409180705.p0.g95ee44e.assembly.stream.el8 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202409161234.p0.g4e8d689.assembly.stream.el8 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
415.92.202409162258-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
3:4.4.1-30.rhaos4.15.el8 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 cpe:/a:redhat:openshift_ironic:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
2:1.11.3-4.rhaos4.15.el8 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 cpe:/a:redhat:openshift_ironic:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202410230304.p0.g366295f.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202410230304.p0.gfde2b2e.assembly.stream.el8 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
v4.15.0-202407230407.p0.gf3f8de5.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.16 |
Unaffected:
4:4.9.4-5.1.rhaos4.16.el8 , < *
(rpm)
cpe:/a:redhat:openshift:4.16::el8 cpe:/a:redhat:openshift:4.16::el9 cpe:/a:redhat:openshift_ironic:4.16::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.16 |
Unaffected:
2:1.14.4-1.rhaos4.16.el8 , < *
(rpm)
cpe:/a:redhat:openshift:4.16::el8 cpe:/a:redhat:openshift:4.16::el9 cpe:/a:redhat:openshift_ironic:4.16::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.16 |
Unaffected:
0:1.29.5-7.rhaos4.16.git7db4ada.el8 , < *
(rpm)
cpe:/a:redhat:openshift:4.16::el8 cpe:/a:redhat:openshift:4.16::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.16 |
Unaffected:
v4.16.0-202407171536.p0.g1551101.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.16::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.16 |
Unaffected:
v4.16.0-202409162206.p0.g6a425ab.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.16::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.16 |
Unaffected:
v4.16.0-202409231504.p0.g342902b.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.16::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.16 |
Unaffected:
v4.16.0-202410172201.p0.gb121e87.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.16::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.17 |
Unaffected:
v4.17.0-202409122005.p0.gb170ad0.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.17::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.17 |
Unaffected:
v4.17.0-202409100034.p0.g8d16b39.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.17::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.17 |
Unaffected:
v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.17::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.17 |
Unaffected:
v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.17::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.17 |
Unaffected:
v4.17.0-202410022234.p0.gfbc55c6.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.17::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.18 |
Unaffected:
v4.18.0-202502100934.p0.gc00c7c9.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.18::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.18 |
Unaffected:
v4.18.0-202502040032.p0.ge5a4005.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.18::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.18 |
Unaffected:
v4.18.0-202502041302.p0.g51a74ac.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.18::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.18 |
Unaffected:
v4.18.0-202501230001.p0.g5348c85.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.18::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.18 |
Unaffected:
v4.18.0-202502100153.p0.g120ba67.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.18::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.18 |
Unaffected:
v4.18.0-202502060238.p0.g73d65db.assembly.stream.el9 , < *
(rpm)
cpe:/a:redhat:openshift:4.18::el9 |
|
| Red Hat | RHEL-9-CNV-4.15 |
Unaffected:
v4.15.5-7 , < *
(rpm)
cpe:/a:redhat:container_native_virtualization:4.15::el9 |
|
| Red Hat | Multicluster Engine for Kubernetes |
cpe:/a:redhat:multicluster_engine |
|
| Red Hat | Multicluster Engine for Kubernetes |
cpe:/a:redhat:multicluster_engine |
|
| Red Hat | Multicluster Engine for Kubernetes |
cpe:/a:redhat:multicluster_engine |
|
| Red Hat | Multicluster Engine for Kubernetes |
cpe:/a:redhat:multicluster_engine |
|
| Red Hat | Multicluster Engine for Kubernetes |
cpe:/a:redhat:multicluster_engine |
|
| Red Hat | OpenShift Developer Tools and Services |
cpe:/a:redhat:ocp_tools |
|
| Red Hat | OpenShift Developer Tools and Services |
cpe:/a:redhat:ocp_tools |
|
| Red Hat | OpenShift Serverless |
cpe:/a:redhat:serverless:1 |
|
| Red Hat | OpenShift Serverless |
cpe:/a:redhat:serverless:1 |
|
| Red Hat | OpenShift Source-to-Image (S2I) |
cpe:/a:redhat:source_to_image:1 |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2 |
cpe:/a:redhat:acm:2 |
|
| Red Hat | Red Hat Advanced Cluster Security 3 |
cpe:/a:redhat:advanced_cluster_security:3 |
|
| Red Hat | Red Hat Advanced Cluster Security 3 |
cpe:/a:redhat:advanced_cluster_security:3 |
|
| Red Hat | Red Hat Advanced Cluster Security 3 |
cpe:/a:redhat:advanced_cluster_security:3 |
|
| Red Hat | Red Hat Advanced Cluster Security 3 |
cpe:/a:redhat:advanced_cluster_security:3 |
|
| Red Hat | Red Hat Advanced Cluster Security 3 |
cpe:/a:redhat:advanced_cluster_security:3 |
|
| Red Hat | Red Hat Advanced Cluster Security 3 |
cpe:/a:redhat:advanced_cluster_security:3 |
|
| Red Hat | Red Hat Advanced Cluster Security 3 |
cpe:/a:redhat:advanced_cluster_security:3 |
|
| Red Hat | Red Hat Advanced Cluster Security 3 |
cpe:/a:redhat:advanced_cluster_security:3 |
|
| Red Hat | Red Hat Ansible Automation Platform 1.2 |
cpe:/a:redhat:ansible_automation_platform |
|
| Red Hat | Red Hat Ansible Automation Platform 2 |
cpe:/a:redhat:ansible_automation_platform:2 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat OpenShift Container Platform 3.11 |
cpe:/a:redhat:openshift:3.11 |
|
| Red Hat | Red Hat OpenShift Container Platform 3.11 |
cpe:/a:redhat:openshift:3.11 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat OpenShift Container Platform Assisted Installer 1 |
cpe:/a:redhat:assisted_installer:1 |
|
| Red Hat | Red Hat OpenShift Container Platform Assisted Installer 1 |
cpe:/a:redhat:assisted_installer:1 |
|
| Red Hat | Red Hat OpenShift Container Platform Assisted Installer 1 |
cpe:/a:redhat:assisted_installer:1 |
|
| Red Hat | Red Hat OpenShift Dev Spaces |
cpe:/a:redhat:openshift_devspaces:3 |
|
| Red Hat | Red Hat Openshift Sandboxed Containers |
cpe:/a:redhat:openshift_sandboxed_containers:1 |
|
| Red Hat | Red Hat Openshift Sandboxed Containers |
cpe:/a:redhat:openshift_sandboxed_containers:1 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
|
| Red Hat | Red Hat OpenStack Platform 16.2 |
cpe:/a:redhat:openstack:16.2 |
|
| Red Hat | Red Hat Quay 3 |
cpe:/a:redhat:quay:3 |
Date Public
2024-05-09 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3727",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-13T17:59:41.318223Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:13.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:01.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:0045",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0045"
},
{
"name": "RHSA-2024:4159",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4159"
},
{
"name": "RHSA-2024:4613",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4613"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-3727"
},
{
"name": "RHBZ#2274767",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274767"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/containers/image",
"defaultStatus": "unaffected",
"packageName": "image",
"versions": [
{
"lessThan": "5.29.3",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "5.30.1",
"status": "affected",
"version": "5.30.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_api_data_protection:1.3::el9"
],
"defaultStatus": "affected",
"packageName": "oadp/oadp-velero-plugin-rhel9",
"product": "OADP-1.3-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.3.4-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.4::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
"product": "Red Hat Advanced Cluster Security 4.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.4.5-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.4::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-collector-rhel8",
"product": "Red Hat Advanced Cluster Security 4.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.4.5-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.4::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-collector-slim-rhel8",
"product": "Red Hat Advanced Cluster Security 4.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.4.5-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.4::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-main-rhel8",
"product": "Red Hat Advanced Cluster Security 4.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.4.5-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.4::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-operator-bundle",
"product": "Red Hat Advanced Cluster Security 4.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.4.5-3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.4::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-rhel8-operator",
"product": "Red Hat Advanced Cluster Security 4.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.4.5-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.4::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-roxctl-rhel8",
"product": "Red Hat Advanced Cluster Security 4.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.4.5-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.4::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
"product": "Red Hat Advanced Cluster Security 4.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.4.5-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.4::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
"product": "Red Hat Advanced Cluster Security 4.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.4.5-3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.4::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-rhel8",
"product": "Red Hat Advanced Cluster Security 4.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.4.5-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.4::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8",
"product": "Red Hat Advanced Cluster Security 4.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.4.5-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.4::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8",
"product": "Red Hat Advanced Cluster Security 4.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.4.5-3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.4::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-v4-rhel8",
"product": "Red Hat Advanced Cluster Security 4.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.4.5-3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.5::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
"product": "Red Hat Advanced Cluster Security 4.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.5.2-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.5::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-collector-rhel8",
"product": "Red Hat Advanced Cluster Security 4.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.5.2-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.5::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-collector-slim-rhel8",
"product": "Red Hat Advanced Cluster Security 4.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.5.2-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.5::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-main-rhel8",
"product": "Red Hat Advanced Cluster Security 4.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.5.2-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.5::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-operator-bundle",
"product": "Red Hat Advanced Cluster Security 4.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.5.2-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.5::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-rhel8-operator",
"product": "Red Hat Advanced Cluster Security 4.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.5.2-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.5::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-roxctl-rhel8",
"product": "Red Hat Advanced Cluster Security 4.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.5.2-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.5::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
"product": "Red Hat Advanced Cluster Security 4.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.5.2-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.5::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
"product": "Red Hat Advanced Cluster Security 4.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.5.2-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.5::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-rhel8",
"product": "Red Hat Advanced Cluster Security 4.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.5.2-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.5::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8",
"product": "Red Hat Advanced Cluster Security 4.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.5.2-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.5::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8",
"product": "Red Hat Advanced Cluster Security 4.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.5.2-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.5::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-v4-rhel8",
"product": "Red Hat Advanced Cluster Security 4.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.5.2-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "container-tools:rhel8",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8100020240808093819.afee755d",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "buildah",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2:1.37.2-1.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "skopeo",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2:1.16.1-1.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "podman",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2:5.2.2-1.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhmt:1.8::el8"
],
"defaultStatus": "affected",
"packageName": "rhmtc/openshift-migration-controller-rhel8",
"product": "Red Hat Migration Toolkit for Containers 1.8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.8.4-22",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.13::el8",
"cpe:/a:redhat:openshift:4.13::el9",
"cpe:/a:redhat:openshift_ironic:4.13::el9"
],
"defaultStatus": "affected",
"packageName": "podman",
"product": "Red Hat OpenShift Container Platform 4.13",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3:4.4.1-13.rhaos4.13.el8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.13::el8",
"cpe:/a:redhat:openshift:4.13::el9",
"cpe:/a:redhat:openshift_ironic:4.13::el9"
],
"defaultStatus": "affected",
"packageName": "skopeo",
"product": "Red Hat OpenShift Container Platform 4.13",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2:1.11.3-3.rhaos4.13.el8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.14::el8",
"cpe:/a:redhat:openshift:4.14::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-operator-lifecycle-manager",
"product": "Red Hat OpenShift Container Platform 4.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.14.0-202407260439.p0.g8d9b39e.assembly.stream.el8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.14::el8",
"cpe:/a:redhat:openshift:4.14::el9",
"cpe:/a:redhat:openshift_ironic:4.14::el9"
],
"defaultStatus": "affected",
"packageName": "podman",
"product": "Red Hat OpenShift Container Platform 4.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3:4.4.1-19.rhaos4.14.el8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.14::el8",
"cpe:/a:redhat:openshift:4.14::el9",
"cpe:/a:redhat:openshift_ironic:4.14::el9"
],
"defaultStatus": "affected",
"packageName": "skopeo",
"product": "Red Hat OpenShift Container Platform 4.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2:1.11.3-3.rhaos4.14.el8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/network-tools-rhel8",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409172305.p0.g17536c8.assembly.stream.el8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-agent-installer-api-server-rhel8",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409171307.p0.ged4651a.assembly.stream.el8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-agent-installer-node-agent-rhel9",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409161436.p0.g1f44c02.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-alibaba-machine-controllers-rhel9",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409120135.p0.gf7f5eed.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-apiserver-network-proxy-rhel9",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409131835.p0.gadccbd5.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-cluster-autoscaler-rhel9-operator",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409120135.p0.g8425d88.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-cluster-control-plane-machine-set-rhel9-operator",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409130735.p0.gc03231f.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-cluster-ingress-rhel9-operator",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409131635.p0.gb73e37f.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-cluster-network-rhel9-operator",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409161836.p0.g092d15b.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-cluster-node-tuning-rhel9-operator",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409180105.p0.g1fdd5b0.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-console",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409180905.p0.gf6f61ca.assembly.stream.el8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-docker-builder",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409171307.p0.g160e7ca.assembly.stream.el8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-hypershift-rhel9",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409131635.p0.gb7c1d6a.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-insights-rhel9-operator",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409111636.p0.gf0c44f6.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-machine-api-rhel9-operator",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409120135.p0.g3ab953d.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-multus-admission-controller-rhel9",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409111636.p0.g9ea52de.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409111636.p0.gd80fe46.assembly.stream.el8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-nutanix-machine-controllers-rhel9",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409120135.p0.g8de6f94.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-openshift-controller-manager-rhel9",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409171307.p0.g5d529dd.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-operator-lifecycle-manager-rhel9",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409180305.p0.g1da79fe.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-operator-registry-rhel9",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409180305.p0.g1da79fe.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-ovn-kubernetes-microshift-rhel9",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409172305.p0.g5af0be8.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-ovn-kubernetes-rhel9",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409172305.p0.g5af0be8.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-powervs-cloud-controller-manager-rhel9",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409130536.p0.g1d6a7ed.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-powervs-machine-controllers-rhel9",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409161436.p0.g4121cfc.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-sdn-rhel9",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409120135.p0.g71a6f28.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-tests",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409180705.p0.g95ee44e.assembly.stream.el8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-tools-rhel8",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202409161234.p0.g4e8d689.assembly.stream.el8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "415.92.202409162258-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9",
"cpe:/a:redhat:openshift_ironic:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "podman",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3:4.4.1-30.rhaos4.15.el8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9",
"cpe:/a:redhat:openshift_ironic:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "skopeo",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2:1.11.3-4.rhaos4.15.el8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-agent-installer-node-agent-rhel9",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202410230304.p0.g366295f.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-agent-installer-orchestrator-rhel8",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202410230304.p0.gfde2b2e.assembly.stream.el8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-operator-lifecycle-manager-rhel9",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.0-202407230407.p0.gf3f8de5.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.16::el8",
"cpe:/a:redhat:openshift:4.16::el9",
"cpe:/a:redhat:openshift_ironic:4.16::el9"
],
"defaultStatus": "affected",
"packageName": "podman",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4:4.9.4-5.1.rhaos4.16.el8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.16::el8",
"cpe:/a:redhat:openshift:4.16::el9",
"cpe:/a:redhat:openshift_ironic:4.16::el9"
],
"defaultStatus": "affected",
"packageName": "skopeo",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2:1.14.4-1.rhaos4.16.el8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.16::el8",
"cpe:/a:redhat:openshift:4.16::el9"
],
"defaultStatus": "affected",
"packageName": "cri-o",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.29.5-7.rhaos4.16.git7db4ada.el8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.16::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-operator-lifecycle-manager-rhel9",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.16.0-202407171536.p0.g1551101.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.16::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-machine-config-rhel9-operator",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.16.0-202409162206.p0.g6a425ab.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.16::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-agent-installer-orchestrator-rhel9",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.16.0-202409231504.p0.g342902b.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.16::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-agent-installer-node-agent-rhel9",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.16.0-202410172201.p0.gb121e87.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.17::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-machine-config-rhel9-operator",
"product": "Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.17.0-202409122005.p0.gb170ad0.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.17::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-olm-operator-controller-rhel9",
"product": "Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.17.0-202409100034.p0.g8d16b39.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.17::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-operator-lifecycle-manager-rhel9",
"product": "Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.17::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-operator-registry-rhel9",
"product": "Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.17::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-agent-installer-orchestrator-rhel9",
"product": "Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.17.0-202410022234.p0.gfbc55c6.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.18::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/oc-mirror-plugin-rhel9",
"product": "Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.18.0-202502100934.p0.gc00c7c9.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.18::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-agent-installer-api-server-rhel9",
"product": "Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.18.0-202502040032.p0.ge5a4005.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.18::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-agent-installer-node-agent-rhel9",
"product": "Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.18.0-202502041302.p0.g51a74ac.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.18::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-agent-installer-orchestrator-rhel9",
"product": "Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.18.0-202501230001.p0.g5348c85.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.18::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-machine-config-rhel9-operator",
"product": "Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.18.0-202502100153.p0.g120ba67.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.18::el9"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-openshift-apiserver-rhel9",
"product": "Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.18.0-202502060238.p0.g73d65db.assembly.stream.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-controller-rhel9",
"product": "RHEL-9-CNV-4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.15.5-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "unaffected",
"packageName": "multicluster-engine/agent-service-rhel8",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "unaffected",
"packageName": "multicluster-engine/assisted-installer-agent-rhel8",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "unaffected",
"packageName": "multicluster-engine/assisted-installer-reporter-rhel8",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "unaffected",
"packageName": "multicluster-engine/assisted-installer-rhel8",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "unaffected",
"packageName": "multicluster-engine/hive-rhel8",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ocp_tools"
],
"defaultStatus": "affected",
"packageName": "ocp-tools-4/jenkins-agent-base-rhel8",
"product": "OpenShift Developer Tools and Services",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ocp_tools"
],
"defaultStatus": "affected",
"packageName": "ocp-tools-4/jenkins-rhel8",
"product": "OpenShift Developer Tools and Services",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:serverless:1"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/client-kn-rhel8",
"product": "OpenShift Serverless",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:serverless:1"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-clients",
"product": "OpenShift Serverless",
"vendor": "Red Hat"
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:source_to_image:1"
],
"defaultStatus": "affected",
"packageName": "source-to-image-container",
"product": "OpenShift Source-to-Image (S2I)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "unaffected",
"packageName": "rhacm2/submariner-rhel8-operator",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
"product": "Red Hat Advanced Cluster Security 3",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-main-rhel8",
"product": "Red Hat Advanced Cluster Security 3",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-rhel8-operator",
"product": "Red Hat Advanced Cluster Security 3",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-roxctl-rhel8",
"product": "Red Hat Advanced Cluster Security 3",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
"product": "Red Hat Advanced Cluster Security 3",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3"
],
"defaultStatus": "unaffected",
"packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
"product": "Red Hat Advanced Cluster Security 3",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-rhel8",
"product": "Red Hat Advanced Cluster Security 3",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8",
"product": "Red Hat Advanced Cluster Security 3",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform"
],
"defaultStatus": "unaffected",
"packageName": "openshift-clients",
"product": "Red Hat Ansible Automation Platform 1.2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "openshift-clients",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"packageName": "buildah",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"packageName": "conmon",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"packageName": "containers-common",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"packageName": "osbuild-composer",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"packageName": "podman",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"packageName": "skopeo",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "buildah",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "podman",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "skopeo",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "container-tools:4.0/buildah",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "container-tools:4.0/conmon",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "container-tools:4.0/containers-common",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "container-tools:4.0/podman",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "container-tools:4.0/skopeo",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "osbuild-composer",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "conmon",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "containers-common",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "osbuild-composer",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:3.11"
],
"defaultStatus": "unknown",
"packageName": "atomic-openshift",
"product": "Red Hat OpenShift Container Platform 3.11",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:3.11"
],
"defaultStatus": "unknown",
"packageName": "podman",
"product": "Red Hat OpenShift Container Platform 3.11",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"packageName": "buildah",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"packageName": "conmon",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"packageName": "containers-common",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-agent-installer-csr-approver-rhel9",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"packageName": "openshift4/ose-baremetal-installer-rhel8",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-cli",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-cli-artifacts",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-deployer",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-installer",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"packageName": "openshift4/ose-installer-altinfra-rhel9",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"packageName": "openshift4/ose-installer-artifacts-rhel9",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "openshift4/ose-olm-rukpak-rhel8",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"packageName": "openshift4/ose-openshift-proxy-pull-test-rhel8",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "openshift-clients",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"packageName": "ose-installer-terraform-providers-container",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:assisted_installer:1"
],
"defaultStatus": "affected",
"packageName": "rhai-tech-preview/assisted-installer-agent-rhel8",
"product": "Red Hat OpenShift Container Platform Assisted Installer 1",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:assisted_installer:1"
],
"defaultStatus": "affected",
"packageName": "rhai-tech-preview/assisted-installer-reporter-rhel8",
"product": "Red Hat OpenShift Container Platform Assisted Installer 1",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:assisted_installer:1"
],
"defaultStatus": "affected",
"packageName": "rhai-tech-preview/assisted-installer-rhel8",
"product": "Red Hat OpenShift Container Platform Assisted Installer 1",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3"
],
"defaultStatus": "affected",
"packageName": "devspaces/udi-rhel8",
"product": "Red Hat OpenShift Dev Spaces",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_sandboxed_containers:1"
],
"defaultStatus": "affected",
"packageName": "openshift-sandboxed-containers/osc-must-gather-rhel8",
"product": "Red Hat Openshift Sandboxed Containers",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_sandboxed_containers:1"
],
"defaultStatus": "affected",
"packageName": "openshift-sandboxed-containers/osc-rhel9-operator",
"product": "Red Hat Openshift Sandboxed Containers",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-apiserver",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-apiserver-rhel9",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-cloner",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-cloner-rhel9",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-controller",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-importer",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-importer-rhel9",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-operator",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-operator-rhel9",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-uploadproxy",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-uploadproxy-rhel9",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-uploadserver",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-uploadserver-rhel9",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openstack:16.2"
],
"defaultStatus": "affected",
"packageName": "osp-director-provisioner-container",
"product": "Red Hat OpenStack Platform 16.2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "unaffected",
"packageName": "quay/quay-builder-rhel8",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
}
],
"datePublic": "2024-05-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T18:07:23.359Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:0045",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0045"
},
{
"name": "RHSA-2024:3718",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3718"
},
{
"name": "RHSA-2024:4159",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4159"
},
{
"name": "RHSA-2024:4613",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4613"
},
{
"name": "RHSA-2024:4850",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4850"
},
{
"name": "RHSA-2024:4960",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4960"
},
{
"name": "RHSA-2024:5258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:5258"
},
{
"name": "RHSA-2024:5951",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:5951"
},
{
"name": "RHSA-2024:6054",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:6054"
},
{
"name": "RHSA-2024:6122",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:6122"
},
{
"name": "RHSA-2024:6708",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:6708"
},
{
"name": "RHSA-2024:6818",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:6818"
},
{
"name": "RHSA-2024:6824",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:6824"
},
{
"name": "RHSA-2024:7164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:7164"
},
{
"name": "RHSA-2024:7174",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:7174"
},
{
"name": "RHSA-2024:7182",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:7182"
},
{
"name": "RHSA-2024:7187",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:7187"
},
{
"name": "RHSA-2024:7922",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:7922"
},
{
"name": "RHSA-2024:7941",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:7941"
},
{
"name": "RHSA-2024:8260",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:8260"
},
{
"name": "RHSA-2024:8425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:8425"
},
{
"name": "RHSA-2024:9097",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:9097"
},
{
"name": "RHSA-2024:9098",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:9098"
},
{
"name": "RHSA-2024:9102",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:9102"
},
{
"name": "RHSA-2024:9960",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:9960"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-3727"
},
{
"name": "RHBZ#2274767",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274767"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-12T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-05-09T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Containers/image: digest type does not guarantee valid type",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-354: Improper Validation of Integrity Check Value"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-3727",
"datePublished": "2024-05-09T14:57:21.327Z",
"dateReserved": "2024-04-12T17:56:37.261Z",
"dateUpdated": "2026-04-29T18:07:23.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41909 (GCVE-0-2024-41909)
Vulnerability from cvelistv5 – Published: 2024-08-12 16:00 – Updated: 2025-03-27 15:31
VLAI
Title
Apache MINA SSHD: integrity check bypass
Summary
Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with a connection for which
some security features have been downgraded or disabled, aka a Terrapin
attack
The mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, both client and server side. Users are recommended to upgrade to at least this version. Note that both the client and the server implementation must have mitigations applied against this issue, otherwise the connection may still be affected.
Severity
No CVSS data available.
CWE
- CWE-354 - Improper Validation of Integrity Check Value
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/apache/mina-sshd/issues/445 | issue-tracking |
| https://lists.apache.org/thread/vwf1ot8wx1njyy8n1… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache MINA SSHD |
Affected:
0 , ≤ 2.11.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T14:03:16.638471Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T15:31:20.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-11T22:03:14.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20241011-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache MINA SSHD",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fabian B\u00e4umer"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eLike many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with a connection for which \nsome security features have been downgraded or disabled, aka a Terrapin \nattack\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThe mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, both client and server side. Users are recommended to upgrade to at least this version. Note that both the client and the server implementation must have mitigations applied against this issue, otherwise the connection may still be affected.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with a connection for which \nsome security features have been downgraded or disabled, aka a Terrapin \nattack\n\nThe mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, both client and server side. Users are recommended to upgrade to at least this version. Note that both the client and the server implementation must have mitigations applied against this issue, otherwise the connection may still be affected."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T16:00:29.568Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/apache/mina-sshd/issues/445"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/vwf1ot8wx1njyy8n19j5j2tcnjnozt3b"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache MINA SSHD: integrity check bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-41909",
"datePublished": "2024-08-12T16:00:29.568Z",
"dateReserved": "2024-07-23T15:14:34.330Z",
"dateUpdated": "2025-03-27T15:31:20.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45789 (GCVE-0-2024-45789)
Vulnerability from cvelistv5 – Published: 2024-09-11 12:00 – Updated: 2024-09-11 13:29
VLAI
Title
Parameter Tampering Vulnerability
Summary
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the ‘mode’ parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body on the vulnerable application.
Successful exploitation of this vulnerability could allow the attacker to bypass certain constraints in the registration process leading to creation of multiple accounts.
Severity
CWE
- CWE-354 - Improper Validation of Integrity Check Value
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Reedos Software Solutions | Mutual Fund Distribution Product (aiM-Star) |
Affected:
2.0.1
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:reedos:aim-star:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "aim-star",
"vendor": "reedos",
"versions": [
{
"status": "affected",
"version": "2.0.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T13:19:15.979131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T13:29:41.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mutual Fund Distribution Product (aiM-Star)",
"vendor": "Reedos Software Solutions",
"versions": [
{
"status": "affected",
"version": "2.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "This vulnerability is reported by Mohit Gadiya."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the \u2018mode\u2019 parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body on the vulnerable application.\u003cbr\u003e\u003cbr\u003eSuccessful exploitation of this vulnerability could allow the attacker to bypass certain constraints in the registration process leading to creation of multiple accounts."
}
],
"value": "This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the \u2018mode\u2019 parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body on the vulnerable application.\n\nSuccessful exploitation of this vulnerability could allow the attacker to bypass certain constraints in the registration process leading to creation of multiple accounts."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354: Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T12:00:28.464Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0291"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade Reedos Mutual Fund Distribution Product (aiM-Star) to version 2.0.2\u003cbr\u003e"
}
],
"value": "Upgrade Reedos Mutual Fund Distribution Product (aiM-Star) to version 2.0.2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Parameter Tampering Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2024-45789",
"datePublished": "2024-09-11T12:00:28.464Z",
"dateReserved": "2024-09-09T11:02:56.323Z",
"dateUpdated": "2024-09-11T13:29:41.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46992 (GCVE-0-2024-46992)
Vulnerability from cvelistv5 – Published: 2025-07-01 01:43 – Updated: 2025-07-01 14:33
VLAI
Title
Electron ASAR Integrity bypass by just modifying the content
Summary
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 30.0.0-alpha.1 to before 30.0.5 and 31.0.0-alpha.1 to before 31.0.0-beta.1, Electron is vulnerable to an ASAR Integrity bypass. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to Windows, apps using these fuses on macOS are not impacted. Specifically this issue can only be exploited if the app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the .app bundle on macOS which these fuses are supposed to protect against. This issue has been patched in versions 30.0.5 and 31.0.0-beta.1. There are no workarounds for this issue.
Severity
7.8 (High)
CWE
- CWE-354 - Improper Validation of Integrity Check Value
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/electron/electron/security/adv… | x_refsource_CONFIRM |
| https://www.electronjs.org/docs/latest/tutorial/fuses | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46992",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T14:32:53.122906Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T14:33:20.698Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003e= 30.0.0-alpha.1, \u003c 30.0.5"
},
{
"status": "affected",
"version": "\u003e= 31.0.0-alpha.1, \u003c 31.0.0-beta.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 30.0.0-alpha.1 to before 30.0.5 and 31.0.0-alpha.1 to before 31.0.0-beta.1, Electron is vulnerable to an ASAR Integrity bypass. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to Windows, apps using these fuses on macOS are not impacted. Specifically this issue can only be exploited if the app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the .app bundle on macOS which these fuses are supposed to protect against. This issue has been patched in versions 30.0.5 and 31.0.0-beta.1. There are no workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354: Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T01:43:13.767Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-xw5q-g62x-2qjc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-xw5q-g62x-2qjc"
},
{
"name": "https://www.electronjs.org/docs/latest/tutorial/fuses",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.electronjs.org/docs/latest/tutorial/fuses"
}
],
"source": {
"advisory": "GHSA-xw5q-g62x-2qjc",
"discovery": "UNKNOWN"
},
"title": "Electron ASAR Integrity bypass by just modifying the content"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-46992",
"datePublished": "2025-07-01T01:43:13.767Z",
"dateReserved": "2024-09-16T16:10:09.019Z",
"dateUpdated": "2025-07-01T14:33:20.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47089 (GCVE-0-2024-47089)
Vulnerability from cvelistv5 – Published: 2024-09-19 06:18 – Updated: 2024-09-19 13:45
VLAI
Title
Unauthorized Transaction Manipulation Vulnerability
Summary
This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and modification of transactions belonging to other users.
Severity
CWE
- CWE-354 - Improper Validation of Integrity Check Value
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apex Softcell | LD Geo |
Affected:
<4.0.0.7
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apexsoftcell:ld_geo:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ld_geo",
"vendor": "apexsoftcell",
"versions": [
{
"lessThan": "4.0.0.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47089",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T13:40:39.747398Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T13:45:30.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LD Geo",
"vendor": "Apex Softcell",
"versions": [
{
"status": "affected",
"version": "\u003c4.0.0.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Mohit Gadiya."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and modification of transactions belonging to other users.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and modification of transactions belonging to other users."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354: Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T06:18:33.392Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0296"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade Apex Softcell LD Geo to version 4.0.0.7\u003cbr\u003e"
}
],
"value": "Upgrade Apex Softcell LD Geo to version 4.0.0.7"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthorized Transaction Manipulation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2024-47089",
"datePublished": "2024-09-19T06:18:33.392Z",
"dateReserved": "2024-09-18T08:36:36.215Z",
"dateUpdated": "2024-09-19T13:45:30.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47255 (GCVE-0-2024-47255)
Vulnerability from cvelistv5 – Published: 2024-11-05 09:16 – Updated: 2026-01-09 13:31
VLAI
Summary
In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary
code execution with root permissions.
Severity
4.7 (Medium)
CWE
- CWE-354 - Improper Validation of Integrity Check Value
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| 2N | 2N Access Commander |
Affected:
<=3.1.1.2
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:2n:access_commander:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "access_commander",
"vendor": "2n",
"versions": [
{
"lessThanOrEqual": "3.1.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47255",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-05T14:55:29.859923Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T14:55:56.428Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "2N Access Commander",
"vendor": "2N",
"versions": [
{
"status": "affected",
"version": "\u003c=3.1.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary \ncode execution with root permissions."
}
],
"value": "In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary \ncode execution with root permissions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T13:31:35.186Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.2n.com/en-GB/download/Access-Commander-Security-Advisory-2024-11"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2024-47255",
"datePublished": "2024-11-05T09:16:48.128Z",
"dateReserved": "2024-09-23T16:37:50.255Z",
"dateUpdated": "2026-01-09T13:31:35.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47573 (GCVE-0-2024-47573)
Vulnerability from cvelistv5 – Published: 2025-03-14 15:04 – Updated: 2025-03-14 17:53
VLAI
Summary
An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission on system maintenance to install a corrupted firmware image.
Severity
CWE
- CWE-354 - Denial of service
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-14T17:53:14.212011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T17:53:27.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiNDR",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission on system maintenance to install a corrupted firmware image."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "Denial of service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T15:04:55.721Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-461",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-461"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNDR version 7.4.3 or above \nPlease upgrade to FortiNDR version 7.2.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-47573",
"datePublished": "2025-03-14T15:04:55.721Z",
"dateReserved": "2024-09-27T16:19:24.136Z",
"dateUpdated": "2025-03-14T17:53:27.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47935 (GCVE-0-2024-47935)
Vulnerability from cvelistv5 – Published: 2025-02-17 06:11 – Updated: 2025-02-18 19:32
VLAI
Title
TXOne Networks StellarProtect (Legacy Mode), StellarEnforce, and Safe Lock Improper Validation of Integrity Check Value Vulnerability
Summary
Improper Validation of Integrity Check Value vulnerability in TXOne Networks StellarProtect (Legacy Mode), StellarEnforce, and Safe Lock allows an attacker to escalate their privileges in the victim’s device. The attacker needs to hijack the DLL file in advance.
This issue affects StellarProtect (Legacy Mode): before 3.2; StellarEnforce: before 3.2; Safe Lock: from 3.0.0 before 3.1.1076.
*Note: StellarProtect (Legacy Mode) is the new name for StellarEnforce, they are the same product.
Severity
6.7 (Medium)
CWE
- CWE-354 - Improper Validation of Integrity Check Value
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| TXOne Networks | StellarProtect (Legacy Mode) |
Affected:
0 , < 3.2
(custom)
|
|
| TXOne Networks | StellarEnforce |
Affected:
0 , < 3.2
(custom)
|
|
| TXOne Networks | Safe Lock |
Affected:
3.0.0 , < 3.1.1076
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T16:45:19.936635Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T19:32:26.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "StellarProtect (Legacy Mode)",
"vendor": "TXOne Networks",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "StellarEnforce",
"vendor": "TXOne Networks",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Safe Lock",
"vendor": "TXOne Networks",
"versions": [
{
"lessThan": "3.1.1076",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Validation of Integrity Check Value vulnerability in TXOne Networks StellarProtect (Legacy Mode), StellarEnforce, and Safe Lock allows an attacker to escalate their privileges in the victim\u2019s device. The attacker needs to hijack the DLL file in advance.\u003cbr\u003eThis issue affects StellarProtect (Legacy Mode): before 3.2; StellarEnforce: before 3.2; Safe Lock: from 3.0.0 before 3.1.1076.\u003cbr\u003e*Note: StellarProtect (Legacy Mode) is the new name for StellarEnforce, they are the same product.\u003cbr\u003e"
}
],
"value": "Improper Validation of Integrity Check Value vulnerability in TXOne Networks StellarProtect (Legacy Mode), StellarEnforce, and Safe Lock allows an attacker to escalate their privileges in the victim\u2019s device. The attacker needs to hijack the DLL file in advance.\nThis issue affects StellarProtect (Legacy Mode): before 3.2; StellarEnforce: before 3.2; Safe Lock: from 3.0.0 before 3.1.1076.\n*Note: StellarProtect (Legacy Mode) is the new name for StellarEnforce, they are the same product."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-17T06:11:47.235Z",
"orgId": "3ad20294-822c-4ebc-9301-f9a7cf62d46e",
"shortName": "TXOne"
},
"references": [
{
"url": "https://www.txone.com/psirt/advisories/cve-2024-47935/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TXOne Networks StellarProtect (Legacy Mode), StellarEnforce, and Safe Lock Improper Validation of Integrity Check Value Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3ad20294-822c-4ebc-9301-f9a7cf62d46e",
"assignerShortName": "TXOne",
"cveId": "CVE-2024-47935",
"datePublished": "2025-02-17T06:11:47.235Z",
"dateReserved": "2024-10-07T05:21:42.329Z",
"dateUpdated": "2025-02-18T19:32:26.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-48930 (GCVE-0-2024-48930)
Vulnerability from cvelistv5 – Published: 2024-10-21 15:41 – Updated: 2024-10-21 16:44
VLAI
Title
secp256k1-node vulnerable to private key extraction over ECDH
Summary
secp256k1-node is a Node.js binding for an Optimized C library for EC operations on curve secp256k1. In `elliptic`-based version, `loadUncompressedPublicKey` has a check that the public key is on the curve. Prior to versions 5.0.1, 4.0.4, and 3.8.1, however, `loadCompressedPublicKey` is missing that check. That allows the attacker to use public keys on low-cardinality curves to extract enough information to fully restore the private key from as little as 11 ECDH sessions, and very cheaply on compute power. Other operations on public keys are also affected, including e.g. `publicKeyVerify()` incorrectly returning `true` on those invalid keys, and e.g. `publicKeyTweakMul()` also returning predictable outcomes allowing to restore the tweak. Versions 5.0.1, 4.0.4, and 3.8.1 contain a fix for the issue.
Severity
CWE
- CWE-354 - Improper Validation of Integrity Check Value
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/cryptocoinjs/secp256k1-node/se… | x_refsource_CONFIRM |
| https://github.com/cryptocoinjs/secp256k1-node/co… | x_refsource_MISC |
| https://github.com/cryptocoinjs/secp256k1-node/co… | x_refsource_MISC |
| https://github.com/cryptocoinjs/secp256k1-node/co… | x_refsource_MISC |
| https://github.com/cryptocoinjs/secp256k1-node/bl… | x_refsource_MISC |
| https://github.com/cryptocoinjs/secp256k1-node/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| cryptocoinjs | secp256k1-node |
Affected:
= 5.0.0
Affected: >= 4.0.0, < 4.0.4 Affected: < 3.8.1 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:secp256k1-node_project:secp256k1-node:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secp256k1-node",
"vendor": "secp256k1-node_project",
"versions": [
{
"status": "affected",
"version": "5.0.0"
},
{
"lessThan": "4.0.4",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThan": "3.8.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48930",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T16:36:50.720373Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T16:44:50.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "secp256k1-node",
"vendor": "cryptocoinjs",
"versions": [
{
"status": "affected",
"version": "= 5.0.0"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.4"
},
{
"status": "affected",
"version": "\u003c 3.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "secp256k1-node is a Node.js binding for an Optimized C library for EC operations on curve secp256k1. In `elliptic`-based version, `loadUncompressedPublicKey` has a check that the public key is on the curve. Prior to versions 5.0.1, 4.0.4, and 3.8.1, however, `loadCompressedPublicKey` is missing that check. That allows the attacker to use public keys on low-cardinality curves to extract enough information to fully restore the private key from as little as 11 ECDH sessions, and very cheaply on compute power. Other operations on public keys are also affected, including e.g. `publicKeyVerify()` incorrectly returning `true` on those invalid keys, and e.g. `publicKeyTweakMul()` also returning predictable outcomes allowing to restore the tweak. Versions 5.0.1, 4.0.4, and 3.8.1 contain a fix for the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354: Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T15:41:41.999Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cryptocoinjs/secp256k1-node/security/advisories/GHSA-584q-6j8j-r5pm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cryptocoinjs/secp256k1-node/security/advisories/GHSA-584q-6j8j-r5pm"
},
{
"name": "https://github.com/cryptocoinjs/secp256k1-node/commit/8bd6446e000fa59df3cda0ae3e424300747ea5ed",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptocoinjs/secp256k1-node/commit/8bd6446e000fa59df3cda0ae3e424300747ea5ed"
},
{
"name": "https://github.com/cryptocoinjs/secp256k1-node/commit/9a15fff274f83a6ec7f675f1121babcc0c42292f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptocoinjs/secp256k1-node/commit/9a15fff274f83a6ec7f675f1121babcc0c42292f"
},
{
"name": "https://github.com/cryptocoinjs/secp256k1-node/commit/e256905ee649a7caacc251f7c964667195a52221",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptocoinjs/secp256k1-node/commit/e256905ee649a7caacc251f7c964667195a52221"
},
{
"name": "https://github.com/cryptocoinjs/secp256k1-node/blob/6d3474b81d073cc9c8cc8cfadb580c84f8df5248/lib/elliptic.js#L17-L19",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptocoinjs/secp256k1-node/blob/6d3474b81d073cc9c8cc8cfadb580c84f8df5248/lib/elliptic.js#L17-L19"
},
{
"name": "https://github.com/cryptocoinjs/secp256k1-node/blob/6d3474b81d073cc9c8cc8cfadb580c84f8df5248/lib/elliptic.js#L37-L39",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptocoinjs/secp256k1-node/blob/6d3474b81d073cc9c8cc8cfadb580c84f8df5248/lib/elliptic.js#L37-L39"
}
],
"source": {
"advisory": "GHSA-584q-6j8j-r5pm",
"discovery": "UNKNOWN"
},
"title": "secp256k1-node vulnerable to private key extraction over ECDH"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-48930",
"datePublished": "2024-10-21T15:41:41.999Z",
"dateReserved": "2024-10-09T22:06:46.175Z",
"dateUpdated": "2024-10-21T16:44:50.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Implementation
Description:
- Ensure that the checksums present in messages are properly checked in accordance with the protocol specification before they are parsed and used.
CAPEC-145: Checksum Spoofing
An adversary spoofs a checksum message for the purpose of making a payload appear to have a valid corresponding checksum. Checksums are used to verify message integrity. They consist of some value based on the value of the message they are protecting. Hash codes are a common checksum mechanism. Both the sender and recipient are able to compute the checksum based on the contents of the message. If the message contents change between the sender and recipient, the sender and recipient will compute different checksum values. Since the sender's checksum value is transmitted with the message, the recipient would know that a modification occurred. In checksum spoofing an adversary modifies the message body and then modifies the corresponding checksum so that the recipient's checksum calculation will match the checksum (created by the adversary) in the message. This would prevent the recipient from realizing that a change occurred.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-75: Manipulating Writeable Configuration Files
Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.