All the vulnerabilites related to Red Hat - Red Hat OpenShift Container Platform 4.17
cve-2024-9676
Vulnerability from cvelistv5
Published
2024-10-15 15:27
Modified
2024-12-01 23:14
Summary
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.
References
https://access.redhat.com/errata/RHSA-2024:10289vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8418vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8428vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8437vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8686vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8690vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8694vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8700vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8984vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:9051vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:9454vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:9459vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:9926vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-9676vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2317467issue-tracking, x_refsource_REDHAT
https://github.com/advisories/GHSA-wq2p-5pc6-wpgf
Impacted products
Vendor Product Version
Red Hat Red Hat Enterprise Linux 9 Unaffected: 4:4.9.4-16.el9_4   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat Red Hat Enterprise Linux 9 Unaffected: 4:5.2.2-9.el9_5   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:1.37.5-1.el9_5   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 2:1.33.11-1.el9_4   < *
    cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 0:1.25.5-30.rhaos4.12.git53dc492.el8   < *
    cpe:/a:redhat:openshift:4.12::el8
    cpe:/a:redhat:openshift:4.12::el9
    cpe:/a:redhat:openshift_ironic:4.12::el9
Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 0:1.26.5-26.rhaos4.13.giteb3d487.el9   < *
    cpe:/a:redhat:openshift:4.13::el8
    cpe:/a:redhat:openshift:4.13::el9
Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:1.27.8-12.rhaos4.14.git7597c43.el8   < *
    cpe:/a:redhat:openshift:4.14::el9
    cpe:/a:redhat:openshift:4.14::el8
Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 0:1.28.11-5.rhaos4.15.git35a2431.el9   < *
    cpe:/a:redhat:openshift:4.15::el8
    cpe:/a:redhat:openshift:4.15::el9
Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: 0:1.29.9-6.rhaos4.16.gite7bd45a.el8   < *
    cpe:/a:redhat:openshift_ironic:4.16::el9
    cpe:/a:redhat:openshift:4.16::el8
    cpe:/a:redhat:openshift:4.16::el9
Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: 4:4.9.4-14.rhaos4.16.el9   < *
    cpe:/a:redhat:openshift:4.16::el8
    cpe:/a:redhat:openshift:4.16::el9
Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: 0:1.30.6-6.rhaos4.17.git6ac6e96.el9   < *
    cpe:/a:redhat:openshift:4.17::el9
    cpe:/a:redhat:openshift:4.17::el8
Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: 5:5.2.2-1.rhaos4.17.el9   < *
    cpe:/a:redhat:openshift:4.17::el9
    cpe:/a:redhat:openshift:4.17::el8
Red Hat OpenShift Developer Tools and Services     cpe:/a:redhat:ocp_tools
Red Hat OpenShift Developer Tools and Services     cpe:/a:redhat:ocp_tools
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat Quay 3     cpe:/a:redhat:quay:3
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9676",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T15:45:48.644647Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T15:46:17.963Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "container-tools:rhel8",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020241101101019.afee755d",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4:4.9.4-16.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4:5.2.2-9.el9_5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "buildah",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:1.37.5-1.el9_5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "buildah",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:1.33.11-1.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.12::el8",
            "cpe:/a:redhat:openshift:4.12::el9",
            "cpe:/a:redhat:openshift_ironic:4.12::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 4.12",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.25.5-30.rhaos4.12.git53dc492.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.13::el8",
            "cpe:/a:redhat:openshift:4.13::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 4.13",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.26.5-26.rhaos4.13.giteb3d487.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.14::el9",
            "cpe:/a:redhat:openshift:4.14::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 4.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.27.8-12.rhaos4.14.git7597c43.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.15::el8",
            "cpe:/a:redhat:openshift:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.28.11-5.rhaos4.15.git35a2431.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_ironic:4.16::el9",
            "cpe:/a:redhat:openshift:4.16::el8",
            "cpe:/a:redhat:openshift:4.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.29.9-6.rhaos4.16.gite7bd45a.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.16::el8",
            "cpe:/a:redhat:openshift:4.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat OpenShift Container Platform 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4:4.9.4-14.rhaos4.16.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.17::el9",
            "cpe:/a:redhat:openshift:4.17::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.30.6-6.rhaos4.17.git6ac6e96.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.17::el9",
            "cpe:/a:redhat:openshift:4.17::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat OpenShift Container Platform 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "5:5.2.2-1.rhaos4.17.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ocp_tools"
          ],
          "defaultStatus": "affected",
          "packageName": "ocp-tools-4/jenkins-agent-base-rhel8",
          "product": "OpenShift Developer Tools and Services",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ocp_tools"
          ],
          "defaultStatus": "affected",
          "packageName": "ocp-tools-4/jenkins-rhel8",
          "product": "OpenShift Developer Tools and Services",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "conmon",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "skopeo",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "buildah",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "conmon",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-docker-builder",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "skopeo",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:quay:3"
          ],
          "defaultStatus": "affected",
          "packageName": "quay/quay-builder-rhel8",
          "product": "Red Hat Quay 3",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Erik Sj\u00f6lund \u003cerik.sjolund@gmail.com\u003e for reporting this issue."
        }
      ],
      "datePublic": "2024-10-15T15:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-01T23:14:03.181Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:10289",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:10289"
        },
        {
          "name": "RHSA-2024:8418",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8418"
        },
        {
          "name": "RHSA-2024:8428",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8428"
        },
        {
          "name": "RHSA-2024:8437",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8437"
        },
        {
          "name": "RHSA-2024:8686",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8686"
        },
        {
          "name": "RHSA-2024:8690",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8690"
        },
        {
          "name": "RHSA-2024:8694",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8694"
        },
        {
          "name": "RHSA-2024:8700",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8700"
        },
        {
          "name": "RHSA-2024:8984",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8984"
        },
        {
          "name": "RHSA-2024:9051",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:9051"
        },
        {
          "name": "RHSA-2024:9454",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:9454"
        },
        {
          "name": "RHSA-2024:9459",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:9459"
        },
        {
          "name": "RHSA-2024:9926",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:9926"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-9676"
        },
        {
          "name": "RHBZ#2317467",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317467"
        },
        {
          "url": "https://github.com/advisories/GHSA-wq2p-5pc6-wpgf"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-09T02:59:07.708000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-10-15T15:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos)",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-9676",
    "datePublished": "2024-10-15T15:27:33.665Z",
    "dateReserved": "2024-10-09T03:02:48.802Z",
    "dateUpdated": "2024-12-01T23:14:03.181Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-9341
Vulnerability from cvelistv5
Published
2024-10-01 18:52
Modified
2024-12-11 03:45
Summary
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.
References
https://access.redhat.com/errata/RHSA-2024:10147vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:10818vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:7925vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8039vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8112vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8238vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8263vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8428vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8690vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8694vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8846vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:9454vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:9459vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-9341vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2315691issue-tracking, x_refsource_REDHAT
https://github.com/containers/common/blob/384f77532f67afc8a73d8e0c4adb0d195df57714/pkg/subscriptions/subscriptions.go#L169
https://github.com/containers/common/blob/384f77532f67afc8a73d8e0c4adb0d195df57714/pkg/subscriptions/subscriptions.go#L349
Impacted products
Vendor Product Version
Red Hat Red Hat Enterprise Linux 9 Unaffected: 4:4.9.4-13.el9_4   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:1.33.9-1.el9_4   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat Red Hat Enterprise Linux 9 Unaffected: 4:5.2.2-9.el9_5   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:1.37.5-1.el9_5   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 0:1.25.5-30.rhaos4.12.git53dc492.el8   < *
    cpe:/a:redhat:openshift:4.12::el8
    cpe:/a:redhat:openshift_ironic:4.12::el9
    cpe:/a:redhat:openshift:4.12::el9
Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 0:1.26.5-26.rhaos4.13.giteb3d487.el8   < *
    cpe:/a:redhat:openshift:4.13::el8
    cpe:/a:redhat:openshift:4.13::el9
Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:1.27.8-10.rhaos4.14.git807f92c.el8   < *
    cpe:/a:redhat:openshift:4.14::el8
    cpe:/a:redhat:openshift:4.14::el9
Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 0:1.28.11-5.rhaos4.15.git35a2431.el8   < *
    cpe:/a:redhat:openshift:4.15::el9
    cpe:/a:redhat:openshift:4.15::el8
Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: 0:1.29.9-5.rhaos4.16.git34690b9.el9   < *
    cpe:/a:redhat:openshift:4.16::el9
    cpe:/a:redhat:openshift:4.16::el8
Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: 416.94.202411201433-0   < *
    cpe:/a:redhat:openshift:4.16::el9
Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: 0:1.30.6-3.rhaos4.17.git49b5172.el8   < *
    cpe:/a:redhat:openshift:4.17::el9
    cpe:/a:redhat:openshift:4.17::el8
Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: 417.94.202412040832-0   < *
    cpe:/a:redhat:openshift:4.17::el9
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9341",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-01T19:23:28.683055Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-01T19:23:37.158Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "container-tools:rhel8",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020241023085649.afee755d",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4:4.9.4-13.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "buildah",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:1.33.9-1.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4:5.2.2-9.el9_5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "buildah",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:1.37.5-1.el9_5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.12::el8",
            "cpe:/a:redhat:openshift_ironic:4.12::el9",
            "cpe:/a:redhat:openshift:4.12::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 4.12",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.25.5-30.rhaos4.12.git53dc492.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.13::el8",
            "cpe:/a:redhat:openshift:4.13::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 4.13",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.26.5-26.rhaos4.13.giteb3d487.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.14::el8",
            "cpe:/a:redhat:openshift:4.14::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 4.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.27.8-10.rhaos4.14.git807f92c.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.15::el9",
            "cpe:/a:redhat:openshift:4.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.28.11-5.rhaos4.15.git35a2431.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.16::el9",
            "cpe:/a:redhat:openshift:4.16::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.29.9-5.rhaos4.16.git34690b9.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "416.94.202411201433-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.17::el9",
            "cpe:/a:redhat:openshift:4.17::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.30.6-3.rhaos4.17.git49b5172.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "417.94.202412040832-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "buildah",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-docker-builder",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Paul Holzinger for reporting this issue."
        }
      ],
      "datePublic": "2024-10-01T15:45:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-11T03:45:20.528Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:10147",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:10147"
        },
        {
          "name": "RHSA-2024:10818",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:10818"
        },
        {
          "name": "RHSA-2024:7925",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:7925"
        },
        {
          "name": "RHSA-2024:8039",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8039"
        },
        {
          "name": "RHSA-2024:8112",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8112"
        },
        {
          "name": "RHSA-2024:8238",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8238"
        },
        {
          "name": "RHSA-2024:8263",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8263"
        },
        {
          "name": "RHSA-2024:8428",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8428"
        },
        {
          "name": "RHSA-2024:8690",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8690"
        },
        {
          "name": "RHSA-2024:8694",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8694"
        },
        {
          "name": "RHSA-2024:8846",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8846"
        },
        {
          "name": "RHSA-2024:9454",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:9454"
        },
        {
          "name": "RHSA-2024:9459",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:9459"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-9341"
        },
        {
          "name": "RHBZ#2315691",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315691"
        },
        {
          "url": "https://github.com/containers/common/blob/384f77532f67afc8a73d8e0c4adb0d195df57714/pkg/subscriptions/subscriptions.go#L169"
        },
        {
          "url": "https://github.com/containers/common/blob/384f77532f67afc8a73d8e0c4adb0d195df57714/pkg/subscriptions/subscriptions.go#L349"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-09-30T15:18:57.587000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-10-01T15:45:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Podman: buildah: cri-o: fips crypto-policy directory mounting issue in containers/common go library",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-9341",
    "datePublished": "2024-10-01T18:52:00.686Z",
    "dateReserved": "2024-09-30T15:19:22.496Z",
    "dateUpdated": "2024-12-11T03:45:20.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-3727
Vulnerability from cvelistv5
Published
2024-05-09 14:57
Modified
2024-12-10 16:08
Summary
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
References
https://access.redhat.com/errata/RHSA-2024:0045vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:3718vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:4159vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:4613vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:4850vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:4960vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:5258vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:5951vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6054vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6708vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6824vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:7164vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:7174vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:7182vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:7187vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:7922vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:7941vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8260vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8425vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:9097vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:9098vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:9102vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:9960vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-3727vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2274767issue-tracking, x_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat OADP-1.3-RHEL-9 Unaffected: 1.3.4-9   < *
    cpe:/a:redhat:openshift_api_data_protection:1.3::el9
Red Hat Red Hat Advanced Cluster Security 4.4 Unaffected: 4.4.5-2   < *
    cpe:/a:redhat:advanced_cluster_security:4.4::el8
Red Hat Red Hat Advanced Cluster Security 4.4 Unaffected: 4.4.5-2   < *
    cpe:/a:redhat:advanced_cluster_security:4.4::el8
Red Hat Red Hat Advanced Cluster Security 4.4 Unaffected: 4.4.5-2   < *
    cpe:/a:redhat:advanced_cluster_security:4.4::el8
Red Hat Red Hat Advanced Cluster Security 4.4 Unaffected: 4.4.5-4   < *
    cpe:/a:redhat:advanced_cluster_security:4.4::el8
Red Hat Red Hat Advanced Cluster Security 4.4 Unaffected: 4.4.5-3   < *
    cpe:/a:redhat:advanced_cluster_security:4.4::el8
Red Hat Red Hat Advanced Cluster Security 4.4 Unaffected: 4.4.5-2   < *
    cpe:/a:redhat:advanced_cluster_security:4.4::el8
Red Hat Red Hat Advanced Cluster Security 4.4 Unaffected: 4.4.5-2   < *
    cpe:/a:redhat:advanced_cluster_security:4.4::el8
Red Hat Red Hat Advanced Cluster Security 4.4 Unaffected: 4.4.5-2   < *
    cpe:/a:redhat:advanced_cluster_security:4.4::el8
Red Hat Red Hat Advanced Cluster Security 4.4 Unaffected: 4.4.5-3   < *
    cpe:/a:redhat:advanced_cluster_security:4.4::el8
Red Hat Red Hat Advanced Cluster Security 4.4 Unaffected: 4.4.5-2   < *
    cpe:/a:redhat:advanced_cluster_security:4.4::el8
Red Hat Red Hat Advanced Cluster Security 4.4 Unaffected: 4.4.5-2   < *
    cpe:/a:redhat:advanced_cluster_security:4.4::el8
Red Hat Red Hat Advanced Cluster Security 4.4 Unaffected: 4.4.5-3   < *
    cpe:/a:redhat:advanced_cluster_security:4.4::el8
Red Hat Red Hat Advanced Cluster Security 4.4 Unaffected: 4.4.5-3   < *
    cpe:/a:redhat:advanced_cluster_security:4.4::el8
Red Hat Red Hat Advanced Cluster Security 4.5 Unaffected: 4.5.2-2   < *
    cpe:/a:redhat:advanced_cluster_security:4.5::el8
Red Hat Red Hat Advanced Cluster Security 4.5 Unaffected: 4.5.2-2   < *
    cpe:/a:redhat:advanced_cluster_security:4.5::el8
Red Hat Red Hat Advanced Cluster Security 4.5 Unaffected: 4.5.2-2   < *
    cpe:/a:redhat:advanced_cluster_security:4.5::el8
Red Hat Red Hat Advanced Cluster Security 4.5 Unaffected: 4.5.2-2   < *
    cpe:/a:redhat:advanced_cluster_security:4.5::el8
Red Hat Red Hat Advanced Cluster Security 4.5 Unaffected: 4.5.2-2   < *
    cpe:/a:redhat:advanced_cluster_security:4.5::el8
Red Hat Red Hat Advanced Cluster Security 4.5 Unaffected: 4.5.2-2   < *
    cpe:/a:redhat:advanced_cluster_security:4.5::el8
Red Hat Red Hat Advanced Cluster Security 4.5 Unaffected: 4.5.2-2   < *
    cpe:/a:redhat:advanced_cluster_security:4.5::el8
Red Hat Red Hat Advanced Cluster Security 4.5 Unaffected: 4.5.2-2   < *
    cpe:/a:redhat:advanced_cluster_security:4.5::el8
Red Hat Red Hat Advanced Cluster Security 4.5 Unaffected: 4.5.2-2   < *
    cpe:/a:redhat:advanced_cluster_security:4.5::el8
Red Hat Red Hat Advanced Cluster Security 4.5 Unaffected: 4.5.2-2   < *
    cpe:/a:redhat:advanced_cluster_security:4.5::el8
Red Hat Red Hat Advanced Cluster Security 4.5 Unaffected: 4.5.2-1   < *
    cpe:/a:redhat:advanced_cluster_security:4.5::el8
Red Hat Red Hat Advanced Cluster Security 4.5 Unaffected: 4.5.2-2   < *
    cpe:/a:redhat:advanced_cluster_security:4.5::el8
Red Hat Red Hat Advanced Cluster Security 4.5 Unaffected: 4.5.2-2   < *
    cpe:/a:redhat:advanced_cluster_security:4.5::el8
Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020240808093819.afee755d   < *
    cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:1.37.2-1.el9   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:1.16.1-1.el9   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:5.2.2-1.el9   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat Red Hat Migration Toolkit for Containers 1.8 Unaffected: v1.8.4-22   < *
    cpe:/a:redhat:rhmt:1.8::el8
Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 3:4.4.1-13.rhaos4.13.el8   < *
    cpe:/a:redhat:openshift:4.13::el8
    cpe:/a:redhat:openshift:4.13::el9
    cpe:/a:redhat:openshift_ironic:4.13::el9
Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 2:1.11.3-3.rhaos4.13.el9   < *
    cpe:/a:redhat:openshift:4.13::el8
    cpe:/a:redhat:openshift:4.13::el9
    cpe:/a:redhat:openshift_ironic:4.13::el9
Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: v4.14.0-202407260439.p0.g8d9b39e.assembly.stream.el8   < *
    cpe:/a:redhat:openshift:4.14::el9
    cpe:/a:redhat:openshift:4.14::el8
Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 3:4.4.1-19.rhaos4.14.el9   < *
    cpe:/a:redhat:openshift:4.14::el9
    cpe:/a:redhat:openshift_ironic:4.14::el9
    cpe:/a:redhat:openshift:4.14::el8
Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 2:1.11.3-3.rhaos4.14.el9   < *
    cpe:/a:redhat:openshift:4.14::el9
    cpe:/a:redhat:openshift_ironic:4.14::el9
    cpe:/a:redhat:openshift:4.14::el8
Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 3:4.4.1-30.rhaos4.15.el9   < *
    cpe:/a:redhat:openshift:4.15::el9
    cpe:/a:redhat:openshift_ironic:4.15::el9
    cpe:/a:redhat:openshift:4.15::el8
Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 2:1.11.3-4.rhaos4.15.el8   < *
    cpe:/a:redhat:openshift:4.15::el9
    cpe:/a:redhat:openshift_ironic:4.15::el9
    cpe:/a:redhat:openshift:4.15::el8
Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202410230304.p0.g366295f.assembly.stream.el9   < *
    cpe:/a:redhat:openshift:4.15::el9
    cpe:/a:redhat:openshift:4.15::el8
Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202410230304.p0.gfde2b2e.assembly.stream.el8   < *
    cpe:/a:redhat:openshift:4.15::el9
    cpe:/a:redhat:openshift:4.15::el8
Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202407230407.p0.gf3f8de5.assembly.stream.el9   < *
    cpe:/a:redhat:openshift:4.15::el9
    cpe:/a:redhat:openshift:4.15::el8
Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: 4:4.9.4-5.1.rhaos4.16.el9   < *
    cpe:/a:redhat:openshift_ironic:4.16::el9
    cpe:/a:redhat:openshift:4.16::el8
    cpe:/a:redhat:openshift:4.16::el9
Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: 2:1.14.4-1.rhaos4.16.el8   < *
    cpe:/a:redhat:openshift_ironic:4.16::el9
    cpe:/a:redhat:openshift:4.16::el8
    cpe:/a:redhat:openshift:4.16::el9
Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: 0:1.29.5-7.rhaos4.16.git7db4ada.el9   < *
    cpe:/a:redhat:openshift:4.16::el8
    cpe:/a:redhat:openshift:4.16::el9
Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: v4.16.0-202407171536.p0.g1551101.assembly.stream.el9   < *
    cpe:/a:redhat:openshift:4.16::el9
Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: v4.16.0-202409162206.p0.g6a425ab.assembly.stream.el9   < *
    cpe:/a:redhat:openshift:4.16::el9
Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: v4.16.0-202409231504.p0.g342902b.assembly.stream.el9   < *
    cpe:/a:redhat:openshift:4.16::el9
Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: v4.16.0-202410172201.p0.gb121e87.assembly.stream.el9   < *
    cpe:/a:redhat:openshift:4.16::el9
Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: v4.17.0-202409122005.p0.gb170ad0.assembly.stream.el9   < *
    cpe:/a:redhat:openshift:4.17::el9
Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: v4.17.0-202409100034.p0.g8d16b39.assembly.stream.el9   < *
    cpe:/a:redhat:openshift:4.17::el9
Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9   < *
    cpe:/a:redhat:openshift:4.17::el9
Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9   < *
    cpe:/a:redhat:openshift:4.17::el9
Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: v4.17.0-202410022234.p0.gfbc55c6.assembly.stream.el9   < *
    cpe:/a:redhat:openshift:4.17::el9
Red Hat RHEL-9-CNV-4.15 Unaffected: v4.15.5-7   < *
    cpe:/a:redhat:container_native_virtualization:4.15::el9
Red Hat Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
Red Hat Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
Red Hat Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
Red Hat Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
Red Hat Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
Red Hat OpenShift Developer Tools and Services     cpe:/a:redhat:ocp_tools
Red Hat OpenShift Developer Tools and Services     cpe:/a:redhat:ocp_tools
Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
Red Hat OpenShift Source-to-Image (S2I)     cpe:/a:redhat:source_to_image:1
Red Hat Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
Red Hat Red Hat Advanced Cluster Security 3     cpe:/a:redhat:advanced_cluster_security:3
Red Hat Red Hat Advanced Cluster Security 3     cpe:/a:redhat:advanced_cluster_security:3
Red Hat Red Hat Advanced Cluster Security 3     cpe:/a:redhat:advanced_cluster_security:3
Red Hat Red Hat Advanced Cluster Security 3     cpe:/a:redhat:advanced_cluster_security:3
Red Hat Red Hat Advanced Cluster Security 3     cpe:/a:redhat:advanced_cluster_security:3
Red Hat Red Hat Advanced Cluster Security 3     cpe:/a:redhat:advanced_cluster_security:3
Red Hat Red Hat Advanced Cluster Security 3     cpe:/a:redhat:advanced_cluster_security:3
Red Hat Red Hat Advanced Cluster Security 3     cpe:/a:redhat:advanced_cluster_security:3
Red Hat Red Hat Ansible Automation Platform 1.2     cpe:/a:redhat:ansible_automation_platform
Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat OpenShift Container Platform 3.11     cpe:/a:redhat:openshift:3.11
Red Hat Red Hat OpenShift Container Platform 3.11     cpe:/a:redhat:openshift:3.11
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform Assisted Installer     cpe:/a:redhat:assisted_installer:
Red Hat Red Hat OpenShift Container Platform Assisted Installer     cpe:/a:redhat:assisted_installer:
Red Hat Red Hat OpenShift Container Platform Assisted Installer     cpe:/a:redhat:assisted_installer:
Red Hat Red Hat OpenShift Dev Spaces     cpe:/a:redhat:openshift_devspaces:3:
Red Hat Red Hat Openshift Sandboxed Containers     cpe:/a:redhat:openshift_sandboxed_containers:1
Red Hat Red Hat Openshift Sandboxed Containers     cpe:/a:redhat:openshift_sandboxed_containers:1
Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
Red Hat Red Hat Quay 3     cpe:/a:redhat:quay:3
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3727",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-13T17:59:41.318223Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:33:13.046Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:20:01.029Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:0045",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0045"
          },
          {
            "name": "RHSA-2024:4159",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4159"
          },
          {
            "name": "RHSA-2024:4613",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4613"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-3727"
          },
          {
            "name": "RHBZ#2274767",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274767"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/containers/image",
          "defaultStatus": "unaffected",
          "packageName": "image",
          "versions": [
            {
              "lessThan": "5.29.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.30.1",
              "status": "affected",
              "version": "5.30.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_api_data_protection:1.3::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "oadp/oadp-velero-plugin-rhel9",
          "product": "OADP-1.3-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.3.4-9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
          "product": "Red Hat Advanced Cluster Security 4.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.4.5-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-collector-rhel8",
          "product": "Red Hat Advanced Cluster Security 4.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.4.5-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-collector-slim-rhel8",
          "product": "Red Hat Advanced Cluster Security 4.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.4.5-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-main-rhel8",
          "product": "Red Hat Advanced Cluster Security 4.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.4.5-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-operator-bundle",
          "product": "Red Hat Advanced Cluster Security 4.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.4.5-3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-rhel8-operator",
          "product": "Red Hat Advanced Cluster Security 4.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.4.5-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8",
          "product": "Red Hat Advanced Cluster Security 4.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.4.5-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
          "product": "Red Hat Advanced Cluster Security 4.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.4.5-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
          "product": "Red Hat Advanced Cluster Security 4.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.4.5-3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-scanner-rhel8",
          "product": "Red Hat Advanced Cluster Security 4.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.4.5-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8",
          "product": "Red Hat Advanced Cluster Security 4.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.4.5-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8",
          "product": "Red Hat Advanced Cluster Security 4.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.4.5-3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-scanner-v4-rhel8",
          "product": "Red Hat Advanced Cluster Security 4.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.4.5-3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
          "product": "Red Hat Advanced Cluster Security 4.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.5.2-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-collector-rhel8",
          "product": "Red Hat Advanced Cluster Security 4.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.5.2-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-collector-slim-rhel8",
          "product": "Red Hat Advanced Cluster Security 4.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.5.2-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-main-rhel8",
          "product": "Red Hat Advanced Cluster Security 4.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.5.2-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-operator-bundle",
          "product": "Red Hat Advanced Cluster Security 4.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.5.2-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-rhel8-operator",
          "product": "Red Hat Advanced Cluster Security 4.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.5.2-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8",
          "product": "Red Hat Advanced Cluster Security 4.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.5.2-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
          "product": "Red Hat Advanced Cluster Security 4.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.5.2-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
          "product": "Red Hat Advanced Cluster Security 4.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.5.2-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-scanner-rhel8",
          "product": "Red Hat Advanced Cluster Security 4.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.5.2-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8",
          "product": "Red Hat Advanced Cluster Security 4.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.5.2-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8",
          "product": "Red Hat Advanced Cluster Security 4.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.5.2-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-scanner-v4-rhel8",
          "product": "Red Hat Advanced Cluster Security 4.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.5.2-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "container-tools:rhel8",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020240808093819.afee755d",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "buildah",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:1.37.2-1.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "skopeo",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:1.16.1-1.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:5.2.2-1.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhmt:1.8::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhmtc/openshift-migration-controller-rhel8",
          "product": "Red Hat Migration Toolkit for Containers 1.8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.8.4-22",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.13::el8",
            "cpe:/a:redhat:openshift:4.13::el9",
            "cpe:/a:redhat:openshift_ironic:4.13::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat OpenShift Container Platform 4.13",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "3:4.4.1-13.rhaos4.13.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.13::el8",
            "cpe:/a:redhat:openshift:4.13::el9",
            "cpe:/a:redhat:openshift_ironic:4.13::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "skopeo",
          "product": "Red Hat OpenShift Container Platform 4.13",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:1.11.3-3.rhaos4.13.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.14::el9",
            "cpe:/a:redhat:openshift:4.14::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-operator-lifecycle-manager",
          "product": "Red Hat OpenShift Container Platform 4.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.14.0-202407260439.p0.g8d9b39e.assembly.stream.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.14::el9",
            "cpe:/a:redhat:openshift_ironic:4.14::el9",
            "cpe:/a:redhat:openshift:4.14::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat OpenShift Container Platform 4.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "3:4.4.1-19.rhaos4.14.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.14::el9",
            "cpe:/a:redhat:openshift_ironic:4.14::el9",
            "cpe:/a:redhat:openshift:4.14::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "skopeo",
          "product": "Red Hat OpenShift Container Platform 4.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:1.11.3-3.rhaos4.14.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.15::el9",
            "cpe:/a:redhat:openshift_ironic:4.15::el9",
            "cpe:/a:redhat:openshift:4.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat OpenShift Container Platform 4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "3:4.4.1-30.rhaos4.15.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.15::el9",
            "cpe:/a:redhat:openshift_ironic:4.15::el9",
            "cpe:/a:redhat:openshift:4.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "skopeo",
          "product": "Red Hat OpenShift Container Platform 4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:1.11.3-4.rhaos4.15.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.15::el9",
            "cpe:/a:redhat:openshift:4.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-agent-installer-node-agent-rhel9",
          "product": "Red Hat OpenShift Container Platform 4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-202410230304.p0.g366295f.assembly.stream.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.15::el9",
            "cpe:/a:redhat:openshift:4.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-agent-installer-orchestrator-rhel8",
          "product": "Red Hat OpenShift Container Platform 4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-202410230304.p0.gfde2b2e.assembly.stream.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.15::el9",
            "cpe:/a:redhat:openshift:4.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-operator-lifecycle-manager-rhel9",
          "product": "Red Hat OpenShift Container Platform 4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-202407230407.p0.gf3f8de5.assembly.stream.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_ironic:4.16::el9",
            "cpe:/a:redhat:openshift:4.16::el8",
            "cpe:/a:redhat:openshift:4.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat OpenShift Container Platform 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4:4.9.4-5.1.rhaos4.16.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_ironic:4.16::el9",
            "cpe:/a:redhat:openshift:4.16::el8",
            "cpe:/a:redhat:openshift:4.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "skopeo",
          "product": "Red Hat OpenShift Container Platform 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:1.14.4-1.rhaos4.16.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.16::el8",
            "cpe:/a:redhat:openshift:4.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.29.5-7.rhaos4.16.git7db4ada.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-operator-lifecycle-manager-rhel9",
          "product": "Red Hat OpenShift Container Platform 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.16.0-202407171536.p0.g1551101.assembly.stream.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-machine-config-rhel9-operator",
          "product": "Red Hat OpenShift Container Platform 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.16.0-202409162206.p0.g6a425ab.assembly.stream.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-agent-installer-orchestrator-rhel9",
          "product": "Red Hat OpenShift Container Platform 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.16.0-202409231504.p0.g342902b.assembly.stream.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-agent-installer-node-agent-rhel9",
          "product": "Red Hat OpenShift Container Platform 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.16.0-202410172201.p0.gb121e87.assembly.stream.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-machine-config-rhel9-operator",
          "product": "Red Hat OpenShift Container Platform 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.17.0-202409122005.p0.gb170ad0.assembly.stream.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-olm-operator-controller-rhel9",
          "product": "Red Hat OpenShift Container Platform 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.17.0-202409100034.p0.g8d16b39.assembly.stream.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-operator-lifecycle-manager-rhel9",
          "product": "Red Hat OpenShift Container Platform 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-operator-registry-rhel9",
          "product": "Red Hat OpenShift Container Platform 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-agent-installer-orchestrator-rhel9",
          "product": "Red Hat OpenShift Container Platform 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.17.0-202410022234.p0.gfbc55c6.assembly.stream.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-cdi-controller-rhel9",
          "product": "RHEL-9-CNV-4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.5-7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:multicluster_engine"
          ],
          "defaultStatus": "unaffected",
          "packageName": "multicluster-engine/agent-service-rhel8",
          "product": "Multicluster Engine for Kubernetes",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:multicluster_engine"
          ],
          "defaultStatus": "unaffected",
          "packageName": "multicluster-engine/assisted-installer-agent-rhel8",
          "product": "Multicluster Engine for Kubernetes",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:multicluster_engine"
          ],
          "defaultStatus": "unaffected",
          "packageName": "multicluster-engine/assisted-installer-reporter-rhel8",
          "product": "Multicluster Engine for Kubernetes",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:multicluster_engine"
          ],
          "defaultStatus": "unaffected",
          "packageName": "multicluster-engine/assisted-installer-rhel8",
          "product": "Multicluster Engine for Kubernetes",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:multicluster_engine"
          ],
          "defaultStatus": "unaffected",
          "packageName": "multicluster-engine/hive-rhel8",
          "product": "Multicluster Engine for Kubernetes",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ocp_tools"
          ],
          "defaultStatus": "affected",
          "packageName": "ocp-tools-4/jenkins-agent-base-rhel8",
          "product": "OpenShift Developer Tools and Services",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ocp_tools"
          ],
          "defaultStatus": "affected",
          "packageName": "ocp-tools-4/jenkins-rhel8",
          "product": "OpenShift Developer Tools and Services",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:serverless:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/client-kn-rhel8",
          "product": "OpenShift Serverless",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:serverless:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-clients",
          "product": "OpenShift Serverless",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:source_to_image:1"
          ],
          "defaultStatus": "affected",
          "packageName": "source-to-image-container",
          "product": "OpenShift Source-to-Image (S2I)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:acm:2"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhacm2/submariner-rhel8-operator",
          "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:3"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
          "product": "Red Hat Advanced Cluster Security 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:3"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-main-rhel8",
          "product": "Red Hat Advanced Cluster Security 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:3"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-rhel8-operator",
          "product": "Red Hat Advanced Cluster Security 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:3"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8",
          "product": "Red Hat Advanced Cluster Security 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:3"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
          "product": "Red Hat Advanced Cluster Security 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:3"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
          "product": "Red Hat Advanced Cluster Security 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:3"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-scanner-rhel8",
          "product": "Red Hat Advanced Cluster Security 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:3"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8",
          "product": "Red Hat Advanced Cluster Security 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform"
          ],
          "defaultStatus": "unaffected",
          "packageName": "openshift-clients",
          "product": "Red Hat Ansible Automation Platform 1.2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "unaffected",
          "packageName": "openshift-clients",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "buildah",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "podman",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "skopeo",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "container-tools:4.0/buildah",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "container-tools:4.0/conmon",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "container-tools:4.0/containers-common",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "container-tools:4.0/podman",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "container-tools:4.0/skopeo",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "osbuild-composer",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "conmon",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "containers-common",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "osbuild-composer",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:3.11"
          ],
          "defaultStatus": "unknown",
          "packageName": "atomic-openshift",
          "product": "Red Hat OpenShift Container Platform 3.11",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:3.11"
          ],
          "defaultStatus": "unknown",
          "packageName": "podman",
          "product": "Red Hat OpenShift Container Platform 3.11",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "buildah",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "conmon",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "containers-common",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/oc-mirror-plugin-rhel8",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-agent-installer-api-server-rhel8",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-agent-installer-csr-approver-rhel8",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "openshift4/ose-baremetal-installer-rhel8",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-cli",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-cli-artifacts",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-deployer",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-docker-builder",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-installer",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "openshift4/ose-installer-altinfra-rhel8",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "openshift4/ose-installer-artifacts",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-olm-rukpak-rhel8",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-openshift-apiserver-rhel8",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-openshift-controller-manager-rhel8",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "openshift4/ose-openshift-proxy-pull-test-rhel8",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-tools-rhel8",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-clients",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "ose-installer-terraform-providers-container",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:assisted_installer:"
          ],
          "defaultStatus": "affected",
          "packageName": "rhai-tech-preview/assisted-installer-agent-rhel8",
          "product": "Red Hat OpenShift Container Platform Assisted Installer",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:assisted_installer:"
          ],
          "defaultStatus": "affected",
          "packageName": "rhai-tech-preview/assisted-installer-reporter-rhel8",
          "product": "Red Hat OpenShift Container Platform Assisted Installer",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:assisted_installer:"
          ],
          "defaultStatus": "affected",
          "packageName": "rhai-tech-preview/assisted-installer-rhel8",
          "product": "Red Hat OpenShift Container Platform Assisted Installer",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_devspaces:3:"
          ],
          "defaultStatus": "affected",
          "packageName": "devspaces/udi-rhel8",
          "product": "Red Hat OpenShift Dev Spaces",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_sandboxed_containers:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-sandboxed-containers-tech-preview/osc-must-gather-rhel8",
          "product": "Red Hat Openshift Sandboxed Containers",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_sandboxed_containers:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-sandboxed-containers-tech-preview/osc-rhel8-operator",
          "product": "Red Hat Openshift Sandboxed Containers",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-cdi-apiserver",
          "product": "Red Hat OpenShift Virtualization 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-cdi-apiserver-rhel9",
          "product": "Red Hat OpenShift Virtualization 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-cdi-cloner",
          "product": "Red Hat OpenShift Virtualization 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-cdi-cloner-rhel9",
          "product": "Red Hat OpenShift Virtualization 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-cdi-controller",
          "product": "Red Hat OpenShift Virtualization 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-cdi-importer",
          "product": "Red Hat OpenShift Virtualization 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-cdi-importer-rhel9",
          "product": "Red Hat OpenShift Virtualization 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-cdi-operator",
          "product": "Red Hat OpenShift Virtualization 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-cdi-operator-rhel9",
          "product": "Red Hat OpenShift Virtualization 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-cdi-uploadproxy",
          "product": "Red Hat OpenShift Virtualization 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-cdi-uploadproxy-rhel9",
          "product": "Red Hat OpenShift Virtualization 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-cdi-uploadserver",
          "product": "Red Hat OpenShift Virtualization 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-cdi-uploadserver-rhel9",
          "product": "Red Hat OpenShift Virtualization 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openstack:16.2"
          ],
          "defaultStatus": "affected",
          "packageName": "osp-director-provisioner-container",
          "product": "Red Hat OpenStack Platform 16.2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:quay:3"
          ],
          "defaultStatus": "affected",
          "packageName": "quay/quay-builder-rhel8",
          "product": "Red Hat Quay 3",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-05-09T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-354",
              "description": "Improper Validation of Integrity Check Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-10T16:08:44.916Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:0045",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0045"
        },
        {
          "name": "RHSA-2024:3718",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3718"
        },
        {
          "name": "RHSA-2024:4159",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4159"
        },
        {
          "name": "RHSA-2024:4613",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4613"
        },
        {
          "name": "RHSA-2024:4850",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4850"
        },
        {
          "name": "RHSA-2024:4960",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4960"
        },
        {
          "name": "RHSA-2024:5258",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:5258"
        },
        {
          "name": "RHSA-2024:5951",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:5951"
        },
        {
          "name": "RHSA-2024:6054",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6054"
        },
        {
          "name": "RHSA-2024:6708",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6708"
        },
        {
          "name": "RHSA-2024:6824",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6824"
        },
        {
          "name": "RHSA-2024:7164",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:7164"
        },
        {
          "name": "RHSA-2024:7174",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:7174"
        },
        {
          "name": "RHSA-2024:7182",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:7182"
        },
        {
          "name": "RHSA-2024:7187",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:7187"
        },
        {
          "name": "RHSA-2024:7922",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:7922"
        },
        {
          "name": "RHSA-2024:7941",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:7941"
        },
        {
          "name": "RHSA-2024:8260",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8260"
        },
        {
          "name": "RHSA-2024:8425",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8425"
        },
        {
          "name": "RHSA-2024:9097",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:9097"
        },
        {
          "name": "RHSA-2024:9098",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:9098"
        },
        {
          "name": "RHSA-2024:9102",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:9102"
        },
        {
          "name": "RHSA-2024:9960",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:9960"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-3727"
        },
        {
          "name": "RHBZ#2274767",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274767"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-04-12T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-05-09T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Containers/image: digest type does not guarantee valid type",
      "x_redhatCweChain": "CWE-354: Improper Validation of Integrity Check Value"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-3727",
    "datePublished": "2024-05-09T14:57:21.327Z",
    "dateReserved": "2024-04-12T17:56:37.261Z",
    "dateUpdated": "2024-12-10T16:08:44.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-7409
Vulnerability from cvelistv5
Published
2024-08-05 13:19
Modified
2024-12-12 03:50
Summary
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.
References
https://access.redhat.com/errata/RHSA-2024:10518vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:10528vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:10813vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6811vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6818vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6964vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:7408vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8991vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:9136vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:9620vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:9912vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-7409vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2302487issue-tracking, x_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020240905091210.489197e6   < *
    cpe:/a:redhat:enterprise_linux:8::appstream
    cpe:/a:redhat:enterprise_linux:8::crb
Red Hat Red Hat Enterprise Linux 9 Unaffected: 17:9.0.0-10.el9_5   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 17:7.2.0-14.el9_2.14   < *
    cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 17:8.2.0-11.el9_4.8   < *
    cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 413.92.202411212100-0   < *
    cpe:/a:redhat:openshift:4.13::el8
    cpe:/a:redhat:openshift:4.13::el9
Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 413.92.202409180051-0   < *
    cpe:/a:redhat:openshift:4.13::el8
    cpe:/a:redhat:openshift:4.13::el9
Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 414.92.202411130444-0   < *
    cpe:/a:redhat:openshift:4.14::el8
    cpe:/a:redhat:openshift:4.14::el9
Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 415.92.202409162258-0   < *
    cpe:/a:redhat:openshift:4.15::el9
    cpe:/a:redhat:openshift:4.15::el8
Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 415.92.202411050056-0   < *
    cpe:/a:redhat:openshift:4.15::el9
    cpe:/a:redhat:openshift:4.15::el8
Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: 416.94.202411261619-0   < *
    cpe:/a:redhat:openshift:4.16::el9
Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: 417.94.202411261220-0   < *
    cpe:/a:redhat:openshift:4.17::el9
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Red Hat Red Hat Enterprise Linux 8 Advanced Virtualization     cpe:/a:redhat:advanced_virtualization:8::el8
Red Hat Red Hat Enterprise Linux 8 Advanced Virtualization     cpe:/a:redhat:advanced_virtualization:8::el8
Red Hat Red Hat Enterprise Linux 8 Advanced Virtualization     cpe:/a:redhat:advanced_virtualization:8::el8
Red Hat Red Hat Enterprise Linux 8 Advanced Virtualization     cpe:/a:redhat:advanced_virtualization:8::el8
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7409",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-06T20:16:55.295801Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:17:14.655Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/a:redhat:enterprise_linux:8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "virt-devel:rhel",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020240905091210.489197e6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/a:redhat:enterprise_linux:8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "virt:rhel",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020240905091210.489197e6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "qemu-kvm",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "17:9.0.0-10.el9_5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "qemu-kvm",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "17:7.2.0-14.el9_2.14",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "qemu-kvm",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "17:8.2.0-11.el9_4.8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.13::el8",
            "cpe:/a:redhat:openshift:4.13::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.13",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "413.92.202411212100-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.13::el8",
            "cpe:/a:redhat:openshift:4.13::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.13",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "413.92.202409180051-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.14::el8",
            "cpe:/a:redhat:openshift:4.14::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "414.92.202411130444-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.15::el9",
            "cpe:/a:redhat:openshift:4.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "415.92.202409162258-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.15::el9",
            "cpe:/a:redhat:openshift:4.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "415.92.202411050056-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "416.94.202411261619-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "417.94.202411261220-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "qemu-kvm",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "qemu-kvm",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "qemu-kvm-ma",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_virtualization:8::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "virt:8.2/qemu-kvm",
          "product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_virtualization:8::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "virt:av/qemu-kvm",
          "product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_virtualization:8::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "virt-devel:8.2/qemu-kvm",
          "product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_virtualization:8::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "virt-devel:av/qemu-kvm",
          "product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-08-02T11:05:09+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-662",
              "description": "Improper Synchronization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-12T03:50:24.208Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:10518",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:10518"
        },
        {
          "name": "RHSA-2024:10528",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:10528"
        },
        {
          "name": "RHSA-2024:10813",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:10813"
        },
        {
          "name": "RHSA-2024:6811",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6811"
        },
        {
          "name": "RHSA-2024:6818",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6818"
        },
        {
          "name": "RHSA-2024:6964",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6964"
        },
        {
          "name": "RHSA-2024:7408",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:7408"
        },
        {
          "name": "RHSA-2024:8991",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8991"
        },
        {
          "name": "RHSA-2024:9136",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:9136"
        },
        {
          "name": "RHSA-2024:9620",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:9620"
        },
        {
          "name": "RHSA-2024:9912",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:9912"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-7409"
        },
        {
          "name": "RHBZ#2302487",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302487"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-02T10:54:41+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-08-02T11:05:09+00:00",
          "value": "Made public."
        }
      ],
      "title": "Qemu: denial of service via improper synchronization in qemu nbd server during socket closure",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-662: Improper Synchronization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-7409",
    "datePublished": "2024-08-05T13:19:27.498Z",
    "dateReserved": "2024-08-02T12:25:13.211Z",
    "dateUpdated": "2024-12-12T03:50:24.208Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-6508
Vulnerability from cvelistv5
Published
2024-08-21 05:45
Modified
2024-12-12 03:49
Summary
An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions.
References
https://access.redhat.com/errata/RHSA-2024:10813vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:7922vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8415vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8991vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:9620vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-6508vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2295777issue-tracking, x_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: v4.13.0-202411300029.p0.g68accd9.assembly.stream.el8   < *
    cpe:/a:redhat:openshift:4.13::el8
    cpe:/a:redhat:openshift:4.13::el9
Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: v4.14.0-202411131205.p0.g839a801.assembly.stream.el8   < *
    cpe:/a:redhat:openshift:4.14::el9
    cpe:/a:redhat:openshift:4.14::el8
Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202411060036.p0.gd8360d4.assembly.stream.el8   < *
    cpe:/a:redhat:openshift:4.15::el9
    cpe:/a:redhat:openshift:4.15::el8
Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: v4.16.0-202410231737.p0.gf0870c3.assembly.stream.el9   < *
    cpe:/a:redhat:openshift:4.16::el9
Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: v4.17.0-202410091535.p0.ge61f187.assembly.stream.el9   < *
    cpe:/a:redhat:openshift:4.17::el9
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6508",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-21T13:24:02.161482Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-21T13:38:00.878Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/openshift/console",
          "defaultStatus": "affected",
          "packageName": "openshift-console"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.13::el8",
            "cpe:/a:redhat:openshift:4.13::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-enterprise-console-container",
          "product": "Red Hat OpenShift Container Platform 4.13",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.13.0-202411300029.p0.g68accd9.assembly.stream.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.14::el9",
            "cpe:/a:redhat:openshift:4.14::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-console",
          "product": "Red Hat OpenShift Container Platform 4.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.14.0-202411131205.p0.g839a801.assembly.stream.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.15::el9",
            "cpe:/a:redhat:openshift:4.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-console",
          "product": "Red Hat OpenShift Container Platform 4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-202411060036.p0.gd8360d4.assembly.stream.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-console-rhel9",
          "product": "Red Hat OpenShift Container Platform 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.16.0-202410231737.p0.gf0870c3.assembly.stream.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-console-rhel9",
          "product": "Red Hat OpenShift Container Platform 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.17.0-202410091535.p0.ge61f187.assembly.stream.el9",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2024-08-19T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim\u2019s current application account using a third-party account without any restrictions."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-331",
              "description": "Insufficient Entropy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-12T03:49:49.365Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:10813",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:10813"
        },
        {
          "name": "RHSA-2024:7922",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:7922"
        },
        {
          "name": "RHSA-2024:8415",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8415"
        },
        {
          "name": "RHSA-2024:8991",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8991"
        },
        {
          "name": "RHSA-2024:9620",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:9620"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-6508"
        },
        {
          "name": "RHBZ#2295777",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295777"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-17T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-08-19T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Openshift-console: oauth2 insufficient state parameter entropy",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-331: Insufficient Entropy"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-6508",
    "datePublished": "2024-08-21T05:45:28.303Z",
    "dateReserved": "2024-07-04T11:10:33.464Z",
    "dateUpdated": "2024-12-12T03:49:49.365Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-9675
Vulnerability from cvelistv5
Published
2024-10-09 14:32
Modified
2024-12-01 23:14
Summary
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
References
https://access.redhat.com/errata/RHSA-2024:8563vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8675vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8679vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8686vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8690vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8700vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8703vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8707vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8708vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8709vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8846vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8984vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8994vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:9051vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:9454vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:9459vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-9675vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2317458issue-tracking, x_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 8060020241028154646.3b538bd8   < *
    cpe:/a:redhat:rhel_e4s:8.6::appstream
    cpe:/a:redhat:rhel_tus:8.6::appstream
    cpe:/a:redhat:rhel_aus:8.6::appstream
Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 8060020241028154646.3b538bd8   < *
    cpe:/a:redhat:rhel_e4s:8.6::appstream
    cpe:/a:redhat:rhel_tus:8.6::appstream
    cpe:/a:redhat:rhel_aus:8.6::appstream
Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 8060020241028154646.3b538bd8   < *
    cpe:/a:redhat:rhel_e4s:8.6::appstream
    cpe:/a:redhat:rhel_tus:8.6::appstream
    cpe:/a:redhat:rhel_aus:8.6::appstream
Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 8080020241025064551.0f77c1b7   < *
    cpe:/a:redhat:rhel_eus:8.8::appstream
Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:1.33.10-1.el9_4   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat Red Hat Enterprise Linux 9 Unaffected: 4:4.9.4-16.el9_4   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat Red Hat Enterprise Linux 9 Unaffected: 4:5.2.2-9.el9_5   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:1.37.5-1.el9_5   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 1:1.26.8-2.el9_0   < *
    cpe:/a:redhat:rhel_eus:9.0::appstream
Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 2:4.2.0-5.el9_0.2   < *
    cpe:/a:redhat:rhel_eus:9.0::appstream
Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 1:1.29.4-1.el9_2   < *
    cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 2:4.4.1-21.el9_2   < *
    cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 3:4.4.1-15.rhaos4.13.el8   < *
    cpe:/a:redhat:openshift:4.13::el8
    cpe:/a:redhat:openshift:4.13::el9
Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 3:4.4.1-21.rhaos4.14.el9   < *
    cpe:/a:redhat:openshift:4.14::el8
    cpe:/a:redhat:openshift:4.14::el9
Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 3:4.4.1-32.rhaos4.15.el9   < *
    cpe:/a:redhat:openshift:4.15::el8
    cpe:/a:redhat:openshift:4.15::el9
Red Hat Red Hat OpenShift Container Platform 4.16 Unaffected: 4:4.9.4-14.rhaos4.16.el9   < *
    cpe:/a:redhat:openshift:4.16::el8
    cpe:/a:redhat:openshift:4.16::el9
Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: 5:5.2.2-1.rhaos4.17.el9   < *
    cpe:/a:redhat:openshift:4.17::el8
    cpe:/a:redhat:openshift:4.17::el9
Red Hat OpenShift Developer Tools and Services     cpe:/a:redhat:ocp_tools
Red Hat OpenShift Developer Tools and Services     cpe:/a:redhat:ocp_tools
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Red Hat Red Hat Quay 3     cpe:/a:redhat:quay:3
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9675",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-09T16:16:25.550764Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-09T16:24:34.705Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "container-tools:rhel8",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020241023085649.afee755d",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "container-tools:rhel8",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020241028154646.3b538bd8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "container-tools:rhel8",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020241028154646.3b538bd8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "container-tools:rhel8",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020241028154646.3b538bd8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "container-tools:rhel8",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8080020241025064551.0f77c1b7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "buildah",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:1.33.10-1.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4:4.9.4-16.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4:5.2.2-9.el9_5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "buildah",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:1.37.5-1.el9_5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "buildah",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:1.26.8-2.el9_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:4.2.0-5.el9_0.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "buildah",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:1.29.4-1.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:4.4.1-21.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.13::el8",
            "cpe:/a:redhat:openshift:4.13::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat OpenShift Container Platform 4.13",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "3:4.4.1-15.rhaos4.13.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.14::el8",
            "cpe:/a:redhat:openshift:4.14::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat OpenShift Container Platform 4.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "3:4.4.1-21.rhaos4.14.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.15::el8",
            "cpe:/a:redhat:openshift:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat OpenShift Container Platform 4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "3:4.4.1-32.rhaos4.15.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.16::el8",
            "cpe:/a:redhat:openshift:4.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat OpenShift Container Platform 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4:4.9.4-14.rhaos4.16.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.17::el8",
            "cpe:/a:redhat:openshift:4.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "podman",
          "product": "Red Hat OpenShift Container Platform 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "5:5.2.2-1.rhaos4.17.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ocp_tools"
          ],
          "defaultStatus": "affected",
          "packageName": "ocp-tools-4/jenkins-agent-base-rhel8",
          "product": "OpenShift Developer Tools and Services",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ocp_tools"
          ],
          "defaultStatus": "affected",
          "packageName": "ocp-tools-4/jenkins-rhel8",
          "product": "OpenShift Developer Tools and Services",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "skopeo",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "conmon",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "buildah",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "conmon",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-docker-builder",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:quay:3"
          ],
          "defaultStatus": "affected",
          "packageName": "quay/quay-builder-rhel8",
          "product": "Red Hat Quay 3",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-10-09T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-01T23:14:00.658Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:8563",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8563"
        },
        {
          "name": "RHSA-2024:8675",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8675"
        },
        {
          "name": "RHSA-2024:8679",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8679"
        },
        {
          "name": "RHSA-2024:8686",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8686"
        },
        {
          "name": "RHSA-2024:8690",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8690"
        },
        {
          "name": "RHSA-2024:8700",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8700"
        },
        {
          "name": "RHSA-2024:8703",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8703"
        },
        {
          "name": "RHSA-2024:8707",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8707"
        },
        {
          "name": "RHSA-2024:8708",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8708"
        },
        {
          "name": "RHSA-2024:8709",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8709"
        },
        {
          "name": "RHSA-2024:8846",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8846"
        },
        {
          "name": "RHSA-2024:8984",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8984"
        },
        {
          "name": "RHSA-2024:8994",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8994"
        },
        {
          "name": "RHSA-2024:9051",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:9051"
        },
        {
          "name": "RHSA-2024:9454",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:9454"
        },
        {
          "name": "RHSA-2024:9459",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:9459"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-9675"
        },
        {
          "name": "RHBZ#2317458",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317458"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-09T02:45:06.343000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-10-09T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Buildah: buildah allows arbitrary directory mount",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-9675",
    "datePublished": "2024-10-09T14:32:11.922Z",
    "dateReserved": "2024-10-09T02:47:50.357Z",
    "dateUpdated": "2024-12-01T23:14:00.658Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-5154
Vulnerability from cvelistv5
Published
2024-06-12 08:51
Modified
2024-12-11 03:44
Summary
A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.
Impacted products
Vendor Product Version
Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 0:1.25.5-21.2.rhaos4.12.gita3eb75f.el8   < *
    cpe:/a:redhat:openshift:4.12::el8
Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 0:1.26.5-18.2.rhaos4.13.git2e90133.el9   < *
    cpe:/a:redhat:openshift:4.13::el8
    cpe:/a:redhat:openshift:4.13::el9
Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:1.27.7-3.rhaos4.14.git674563e.el9   < *
    cpe:/a:redhat:openshift:4.14::el8
    cpe:/a:redhat:openshift:4.14::el9
Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 0:1.28.7-2.rhaos4.15.git111aec5.el9   < *
    cpe:/a:redhat:openshift:4.15::el9
    cpe:/a:redhat:openshift:4.15::el8
Red Hat Red Hat OpenShift Container Platform 4.17 Unaffected: 417.94.202412040832-0   < *
    cpe:/a:redhat:openshift:4.17::el9
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat OpenShift Container Platform 3.11     cpe:/a:redhat:openshift:3.11
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5154",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-13T20:15:38.501353Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-13T20:15:45.221Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:03:11.031Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:3676",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3676"
          },
          {
            "name": "RHSA-2024:3700",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3700"
          },
          {
            "name": "RHSA-2024:4008",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4008"
          },
          {
            "name": "RHSA-2024:4486",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4486"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-5154"
          },
          {
            "name": "RHBZ#2280190",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280190"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-j9hf-98c3-wrm8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/cri-o/cri-o",
          "defaultStatus": "unaffected",
          "packageName": "cri-o",
          "versions": [
            {
              "lessThan": "1.30.1",
              "status": "affected",
              "version": "1.30.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.29.5",
              "status": "affected",
              "version": "1.29.4",
              "versionType": "semver"
            },
            {
              "lessThan": "1.28.7",
              "status": "affected",
              "version": "1.28.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.12::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 4.12",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.25.5-21.2.rhaos4.12.gita3eb75f.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.13::el8",
            "cpe:/a:redhat:openshift:4.13::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 4.13",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.26.5-18.2.rhaos4.13.git2e90133.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.14::el8",
            "cpe:/a:redhat:openshift:4.14::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 4.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.27.7-3.rhaos4.14.git674563e.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.15::el9",
            "cpe:/a:redhat:openshift:4.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.28.7-2.rhaos4.15.git111aec5.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "417.94.202412040832-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "container-tools:rhel8/podman",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "conmon",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:3.11"
          ],
          "defaultStatus": "unknown",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 3.11",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Erik Sj\u00f6lund (erik.sjolund@gmail.com) for reporting this issue."
        }
      ],
      "datePublic": "2024-05-27T18:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (\u201c../\u201c). This flaw allows the container to read and write to arbitrary files on the host system."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-11T03:44:42.486Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:10818",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:10818"
        },
        {
          "name": "RHSA-2024:3676",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3676"
        },
        {
          "name": "RHSA-2024:3700",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3700"
        },
        {
          "name": "RHSA-2024:4008",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4008"
        },
        {
          "name": "RHSA-2024:4486",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4486"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-5154"
        },
        {
          "name": "RHBZ#2280190",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280190"
        },
        {
          "url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-j9hf-98c3-wrm8"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-05-10T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-05-27T18:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Cri-o: malicious container can create symlink on host",
      "workarounds": [
        {
          "lang": "en",
          "value": "There is no mitigation available for this vulnerability, a package update is required."
        }
      ],
      "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-5154",
    "datePublished": "2024-06-12T08:51:43.565Z",
    "dateReserved": "2024-05-20T20:46:53.974Z",
    "dateUpdated": "2024-12-11T03:44:42.486Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}