Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-45648 (GCVE-0-2023-45648)
Vulnerability from cvelistv5 – Published: 2023-10-10 18:38 – Updated: 2025-10-29 12:00
VLAI
EPSS
Title
Apache Tomcat: Trailer header parsing too lenient
Summary
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially
crafted, invalid trailer header could cause Tomcat to treat a single
request as multiple requests leading to the possibility of request
smuggling when behind a reverse proxy.
Older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/2pv8yz1pyp088tsxf… | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2023/1… | x_transferred |
| https://www.debian.org/security/2023/dsa-5522 | x_transferred |
| https://www.debian.org/security/2023/dsa-5521 | x_transferred |
| https://lists.debian.org/debian-lts-announce/2023… | x_transferred |
| https://security.netapp.com/advisory/ntap-2023110… | x_transferred |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Affected:
11.0.0-M1 , ≤ 11.0.0-M11
(semver)
Affected: 10.1.0-M1 , ≤ 10.1.13 (semver) Affected: 9.0.0-M1 , ≤ 9.0.81 (semver) Affected: 8.5.0 , ≤ 8.5.93 (semver) Unknown: 3 , < 8.5.0 (semver) Unknown: 10.0.0-M1 , ≤ 10.0.27 (semver) |
|
| apache | tomcat |
Affected:
11.0.0-m1 , ≤ 11.0.0-m11
(semver)
Affected: 10.1.0-m1 , ≤ 10.1.13 (semver) Affected: 9.0.0-m1 , ≤ 9.0.81 (semver) Affected: 8.5.0 , ≤ 8.5.93 (semver) cpe:2.3:a:apache:tomcat:-:*:*:*:*:*:*:* |
Credits
Keran Mu and Jianjun Chen from Tsinghua University and Zhongguancun Laboratory
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/10"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231103-0007/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:tomcat:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tomcat",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "11.0.0-m11",
"status": "affected",
"version": "11.0.0-m1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.13",
"status": "affected",
"version": "10.1.0-m1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.81",
"status": "affected",
"version": "9.0.0-m1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.93",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-45648",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T16:59:12.136875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T13:49:43.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.0-M11",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.13",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.81",
"status": "affected",
"version": "9.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.93",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"lessThan": "8.5.0",
"status": "unknown",
"version": "3",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.27",
"status": "unknown",
"version": "10.0.0-M1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Keran Mu and Jianjun Chen from Tsinghua University and Zhongguancun Laboratory"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Apache Tomcat.\u003cp\u003eTomcat\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93\u003c/span\u003e did not correctly parse HTTP trailer headers. A specially \ncrafted, invalid trailer header could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\u003c/p\u003e\u003cp\u003eOlder, EOL versions may also be affected.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat\u00a0from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially \ncrafted, invalid trailer header could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T12:00:47.484Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Tomcat: Trailer header parsing too lenient",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-45648",
"datePublished": "2023-10-10T18:38:34.097Z",
"dateReserved": "2023-10-10T11:31:15.664Z",
"dateUpdated": "2025-10-29T12:00:47.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-45648",
"date": "2026-06-08",
"epss": "0.62079",
"percentile": "0.98372"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.5.0\", \"versionEndExcluding\": \"8.5.94\", \"matchCriteriaId\": \"FE1F7111-22BD-489A-B2C9-E67E0D601824\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.0.1\", \"versionEndExcluding\": \"9.0.81\", \"matchCriteriaId\": \"37FCE624-DD65-4AC5-A602-BB66E0E54CFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.1.1\", \"versionEndExcluding\": \"10.1.14\", \"matchCriteriaId\": \"0995DE67-7E3B-4CFE-AB96-E2243F994755\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D0689FE-4BC0-4F53-8C79-34B21F9B86C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*\", \"matchCriteriaId\": \"89B129B2-FB6F-4EF9-BF12-E589A87996CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B6787B6-54A8-475E-BA1C-AB99334B2535\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*\", \"matchCriteriaId\": \"EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*\", \"matchCriteriaId\": \"E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A6DA0BE-908C-4DA8-A191-A0113235E99A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*\", \"matchCriteriaId\": \"39029C72-28B4-46A4-BFF5-EC822CFB2A4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A2E05A3-014F-4C4D-81E5-88E725FBD6AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*\", \"matchCriteriaId\": \"166C533C-0833-41D5-99B6-17A4FAB3CAF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3768C60-21FA-4B92-B98C-C3A2602D1BC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*\", \"matchCriteriaId\": \"DDD510FA-A2E4-4BAF-A0DE-F4E5777E9325\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F542E12-6BA8-4504-A494-DA83E7E19BD5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2409CC7-6A85-4A66-A457-0D62B9895DC1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*\", \"matchCriteriaId\": \"B392A7E5-4455-4B1C-8FAC-AE6DDC70689E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF411DDA-2601-449A-9046-D250419A0E1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B4FBF97-DE16-4E5E-BE19-471E01818D40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B266B1E-24B5-47EE-A421-E0E3CC0C7471\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*\", \"matchCriteriaId\": \"29614C3A-6FB3-41C7-B56E-9CC3F45B04F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6AB156C-8FF6-4727-AF75-590D0DCB3F9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0C5F004-F7D8-45DB-B173-351C50B0EC16\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1902D2E-1896-4D3D-9E1C-3A675255072C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*\", \"matchCriteriaId\": \"49AAF4DF-F61D-47A8-8788-A21E317A145D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*\", \"matchCriteriaId\": \"454211D0-60A2-4661-AECA-4C0121413FEB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*\", \"matchCriteriaId\": \"0686F977-889F-4960-8E0B-7784B73A7F2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*\", \"matchCriteriaId\": \"558703AE-DB5E-4DFF-B497-C36694DD7B24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED6273F2-1165-47A4-8DD7-9E9B2472941B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D402B5D-5901-43EB-8E6A-ECBD512CE367\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*\", \"matchCriteriaId\": \"33C71AE1-B38E-4783-BAC2-3CDA7B4D9EBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6BD4180-D3E8-42AB-96B1-3869ECF47F6C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*\", \"matchCriteriaId\": \"64668CCF-DBC9-442D-9E0F-FD40E1D0DDB7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC64BB57-4912-481E-AE8D-C8FCD36142BB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*\", \"matchCriteriaId\": \"49B43BFD-6B6C-4E6D-A9D8-308709DDFB44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*\", \"matchCriteriaId\": \"919C16BD-79A7-4597-8D23-2CBDED2EF615\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*\", \"matchCriteriaId\": \"81B27C03-D626-42EC-AE4E-1E66624908E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:10.1.0:milestone17:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD81405D-81A5-4683-A355-B39C912DAD2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:10.1.0:milestone18:*:*:*:*:*:*\", \"matchCriteriaId\": \"2DCE3576-86BC-4BB8-A5FB-1274744DFD7F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:10.1.0:milestone19:*:*:*:*:*:*\", \"matchCriteriaId\": \"5571F54A-2EAC-41B6-BDA9-7D33CFE97F70\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9846609D-51FC-4CDD-97B3-8C6E07108F14\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:10.1.0:milestone20:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED30E850-C475-4133-BDE3-74CB3768D787\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E321FB4-0B0C-497A-BB75-909D888C93CB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B0CAE57-AF7A-40E6-9519-F5C9F422C1BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CB9D150-EED6-4AE9-BCBE-48932E50035E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*\", \"matchCriteriaId\": \"D334103F-F64E-4869-BCC8-670A5AFCC76C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*\", \"matchCriteriaId\": \"941FCF7B-FFB6-4967-95C7-BB3D32C73DAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE1A9030-B397-4BA6-8E13-DA1503872DDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*\", \"matchCriteriaId\": \"6284B74A-1051-40A7-9D74-380FEEEC3F88\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1AA7FF6-E8E7-4BF6-983E-0A99B0183008\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*\", \"matchCriteriaId\": \"57088BDD-A136-45EF-A8A1-2EBF79CEC2CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*\", \"matchCriteriaId\": \"B32D1D7A-A04F-444E-8F45-BB9A9E4B0199\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*\", \"matchCriteriaId\": \"2AAD52CE-94F5-4F98-A027-9A7E68818CB6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*\", \"matchCriteriaId\": \"03A171AF-2EC8-4422-912C-547CDB58CAAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*\", \"matchCriteriaId\": \"538E68C4-0BA4-495F-AEF8-4EF6EE7963CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*\", \"matchCriteriaId\": \"49350A6E-5E1D-45B2-A874-3B8601B3ADCC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F50942F-DF54-46C0-8371-9A476DD3EEA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*\", \"matchCriteriaId\": \"D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*\", \"matchCriteriaId\": \"98792138-DD56-42DF-9612-3BDC65EEC117\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Improper Input Validation vulnerability in Apache Tomcat.Tomcat\\u00a0from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially \\ncrafted, invalid trailer header could cause Tomcat to treat a single \\nrequest as multiple requests leading to the possibility of request \\nsmuggling when behind a reverse proxy.\\n\\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de validaci\\u00f3n de entrada incorrecta en Apache Tomcat.Tomcat desde 11.0.0-M1 hasta 11.0.0-M11, desde 10.1.0-M1 hasta 10.1.13, desde 9.0.0-M1 hasta 9.0.81 y desde 8.5.0 hasta 8.5 .93 no analizaron correctamente los encabezados de las colas HTTP. Un encabezado de avance no v\\u00e1lido y especialmente manipulado podr\\u00eda hacer que Tomcat trate una sola solicitud como solicitudes m\\u00faltiples, lo que genera la posibilidad de contrabando de solicitudes cuando est\\u00e1 detr\\u00e1s de un proxy inverso. Se recomienda a los usuarios actualizar a la versi\\u00f3n 11.0.0-M12 en adelante, 10.1.14 en adelante, 9.0.81 en adelante o 8.5.94 en adelante, que solucionan el problema.\"}]",
"id": "CVE-2023-45648",
"lastModified": "2024-11-21T08:27:08.117",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
"published": "2023-10-10T19:15:09.690",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/10/10\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp\", \"source\": \"security@apache.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231103-0007/\", \"source\": \"security@apache.org\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5521\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5522\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/10/10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231103-0007/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5521\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5522\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-45648\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-10-10T19:15:09.690\",\"lastModified\":\"2025-08-07T11:15:27.957\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Input Validation vulnerability in Apache Tomcat.Tomcat\u00a0from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially \\ncrafted, invalid trailer header could cause Tomcat to treat a single \\nrequest as multiple requests leading to the possibility of request \\nsmuggling when behind a reverse proxy.\\n\\nOlder, EOL versions may also be affected.\\n\\n\\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de validaci\u00f3n de entrada incorrecta en Apache Tomcat.Tomcat desde 11.0.0-M1 hasta 11.0.0-M11, desde 10.1.0-M1 hasta 10.1.13, desde 9.0.0-M1 hasta 9.0.81 y desde 8.5.0 hasta 8.5 .93 no analizaron correctamente los encabezados de las colas HTTP. Un encabezado de avance no v\u00e1lido y especialmente manipulado podr\u00eda hacer que Tomcat trate una sola solicitud como solicitudes m\u00faltiples, lo que genera la posibilidad de contrabando de solicitudes cuando est\u00e1 detr\u00e1s de un proxy inverso. Se recomienda a los usuarios actualizar a la versi\u00f3n 11.0.0-M12 en adelante, 10.1.14 en adelante, 9.0.81 en adelante o 8.5.94 en adelante, que solucionan el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.5.0\",\"versionEndExcluding\":\"8.5.94\",\"matchCriteriaId\":\"FE1F7111-22BD-489A-B2C9-E67E0D601824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.1\",\"versionEndExcluding\":\"9.0.81\",\"matchCriteriaId\":\"37FCE624-DD65-4AC5-A602-BB66E0E54CFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.1\",\"versionEndExcluding\":\"10.1.14\",\"matchCriteriaId\":\"0995DE67-7E3B-4CFE-AB96-E2243F994755\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D0689FE-4BC0-4F53-8C79-34B21F9B86C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*\",\"matchCriteriaId\":\"89B129B2-FB6F-4EF9-BF12-E589A87996CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B6787B6-54A8-475E-BA1C-AB99334B2535\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*\",\"matchCriteriaId\":\"EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*\",\"matchCriteriaId\":\"E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A6DA0BE-908C-4DA8-A191-A0113235E99A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*\",\"matchCriteriaId\":\"39029C72-28B4-46A4-BFF5-EC822CFB2A4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A2E05A3-014F-4C4D-81E5-88E725FBD6AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*\",\"matchCriteriaId\":\"166C533C-0833-41D5-99B6-17A4FAB3CAF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3768C60-21FA-4B92-B98C-C3A2602D1BC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDD510FA-A2E4-4BAF-A0DE-F4E5777E9325\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F542E12-6BA8-4504-A494-DA83E7E19BD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2409CC7-6A85-4A66-A457-0D62B9895DC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*\",\"matchCriteriaId\":\"B392A7E5-4455-4B1C-8FAC-AE6DDC70689E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF411DDA-2601-449A-9046-D250419A0E1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B4FBF97-DE16-4E5E-BE19-471E01818D40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B266B1E-24B5-47EE-A421-E0E3CC0C7471\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*\",\"matchCriteriaId\":\"29614C3A-6FB3-41C7-B56E-9CC3F45B04F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6AB156C-8FF6-4727-AF75-590D0DCB3F9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0C5F004-F7D8-45DB-B173-351C50B0EC16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1902D2E-1896-4D3D-9E1C-3A675255072C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*\",\"matchCriteriaId\":\"49AAF4DF-F61D-47A8-8788-A21E317A145D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*\",\"matchCriteriaId\":\"454211D0-60A2-4661-AECA-4C0121413FEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*\",\"matchCriteriaId\":\"0686F977-889F-4960-8E0B-7784B73A7F2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*\",\"matchCriteriaId\":\"558703AE-DB5E-4DFF-B497-C36694DD7B24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED6273F2-1165-47A4-8DD7-9E9B2472941B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D402B5D-5901-43EB-8E6A-ECBD512CE367\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C71AE1-B38E-4783-BAC2-3CDA7B4D9EBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6BD4180-D3E8-42AB-96B1-3869ECF47F6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*\",\"matchCriteriaId\":\"64668CCF-DBC9-442D-9E0F-FD40E1D0DDB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC64BB57-4912-481E-AE8D-C8FCD36142BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*\",\"matchCriteriaId\":\"49B43BFD-6B6C-4E6D-A9D8-308709DDFB44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*\",\"matchCriteriaId\":\"919C16BD-79A7-4597-8D23-2CBDED2EF615\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*\",\"matchCriteriaId\":\"81B27C03-D626-42EC-AE4E-1E66624908E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone17:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD81405D-81A5-4683-A355-B39C912DAD2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone18:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DCE3576-86BC-4BB8-A5FB-1274744DFD7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone19:*:*:*:*:*:*\",\"matchCriteriaId\":\"5571F54A-2EAC-41B6-BDA9-7D33CFE97F70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9846609D-51FC-4CDD-97B3-8C6E07108F14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone20:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED30E850-C475-4133-BDE3-74CB3768D787\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E321FB4-0B0C-497A-BB75-909D888C93CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B0CAE57-AF7A-40E6-9519-F5C9F422C1BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CB9D150-EED6-4AE9-BCBE-48932E50035E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*\",\"matchCriteriaId\":\"D334103F-F64E-4869-BCC8-670A5AFCC76C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*\",\"matchCriteriaId\":\"941FCF7B-FFB6-4967-95C7-BB3D32C73DAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE1A9030-B397-4BA6-8E13-DA1503872DDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*\",\"matchCriteriaId\":\"6284B74A-1051-40A7-9D74-380FEEEC3F88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1AA7FF6-E8E7-4BF6-983E-0A99B0183008\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*\",\"matchCriteriaId\":\"57088BDD-A136-45EF-A8A1-2EBF79CEC2CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*\",\"matchCriteriaId\":\"B32D1D7A-A04F-444E-8F45-BB9A9E4B0199\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AAD52CE-94F5-4F98-A027-9A7E68818CB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*\",\"matchCriteriaId\":\"03A171AF-2EC8-4422-912C-547CDB58CAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*\",\"matchCriteriaId\":\"538E68C4-0BA4-495F-AEF8-4EF6EE7963CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*\",\"matchCriteriaId\":\"49350A6E-5E1D-45B2-A874-3B8601B3ADCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F50942F-DF54-46C0-8371-9A476DD3EEA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*\",\"matchCriteriaId\":\"D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*\",\"matchCriteriaId\":\"98792138-DD56-42DF-9612-3BDC65EEC117\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/10/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231103-0007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5521\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5522\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/10/10\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5522\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5521\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231103-0007/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T20:21:16.919Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-45648\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-16T16:59:12.136875Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:apache:tomcat:-:*:*:*:*:*:*:*\"], \"vendor\": \"apache\", \"product\": \"tomcat\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0.0-m1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.0.0-m11\"}, {\"status\": \"affected\", \"version\": \"10.1.0-m1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.1.13\"}, {\"status\": \"affected\", \"version\": \"9.0.0-m1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.0.81\"}, {\"status\": \"affected\", \"version\": \"8.5.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.5.93\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-18T16:22:17.743Z\"}}], \"cna\": {\"title\": \"Apache Tomcat: Trailer header parsing too lenient\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Keran Mu and Jianjun Chen from Tsinghua University and Zhongguancun Laboratory\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"important\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Tomcat\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.0.0-M11\"}, {\"status\": \"affected\", \"version\": \"10.1.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.1.13\"}, {\"status\": \"affected\", \"version\": \"9.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.0.81\"}, {\"status\": \"affected\", \"version\": \"8.5.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.5.93\"}, {\"status\": \"unknown\", \"version\": \"3\", \"lessThan\": \"8.5.0\", \"versionType\": \"semver\"}, {\"status\": \"unknown\", \"version\": \"10.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.0.27\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Input Validation vulnerability in Apache Tomcat.Tomcat\\u00a0from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially \\ncrafted, invalid trailer header could cause Tomcat to treat a single \\nrequest as multiple requests leading to the possibility of request \\nsmuggling when behind a reverse proxy.\\n\\nOlder, EOL versions may also be affected.\\n\\n\\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Improper Input Validation vulnerability in Apache Tomcat.\u003cp\u003eTomcat\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003efrom 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93\u003c/span\u003e did not correctly parse HTTP trailer headers. A specially \\ncrafted, invalid trailer header could cause Tomcat to treat a single \\nrequest as multiple requests leading to the possibility of request \\nsmuggling when behind a reverse proxy.\u003c/p\u003e\u003cp\u003eOlder, EOL versions may also be affected.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\\\"background-color: var(--wht);\\\"\u003eUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-10-29T12:00:47.484Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-45648\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-29T12:00:47.484Z\", \"dateReserved\": \"2023-10-10T11:31:15.664Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2023-10-10T18:38:34.097Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2024:0125
Vulnerability from csaf_redhat - Published: 2024-01-10 11:32 - Updated: 2026-05-29 17:49Summary
Red Hat Security Advisory: tomcat security update
Severity
Moderate
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)
* tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)
* tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)
* tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.
6.1 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat. An incomplete cleanup vulnerability with the internal fork of the Commons FileUpload package exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from the disk, potentially leading to a denial of service due to the disk being full.
5.9 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)\n\n* tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)\n\n* tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)\n\n* tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0125",
"url": "https://access.redhat.com/errata/RHSA-2024:0125"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "2243749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243749"
},
{
"category": "external",
"summary": "2243751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243751"
},
{
"category": "external",
"summary": "2243752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243752"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0125.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-05-29T17:49:39+00:00",
"generator": {
"date": "2026-05-29T17:49:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2024:0125",
"initial_release_date": "2024-01-10T11:32:48+00:00",
"revision_history": [
{
"date": "2024-01-10T11:32:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-01-10T11:32:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-29T17:49:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-27.el8_9.2.src",
"product": {
"name": "tomcat-1:9.0.62-27.el8_9.2.src",
"product_id": "tomcat-1:9.0.62-27.el8_9.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-27.el8_9.2?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-webapps-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-27.el8_9.2.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src"
},
"product_reference": "tomcat-1:9.0.62-27.el8_9.2.src",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-41080",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-08-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2235370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Open Redirect vulnerability in FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The pki-servlet-engine package has been obsoleted by the Tomcat package. Therefore, this issue will be fixed in the Tomcat package rather than the pki-serlvet-engine package. Please follow the RHEL Tomcat trackers instead for the updates.\n\nRed Hat Satellite is not directly impacted by this issue, since it does not embed the dependency on their offer deliveries. However, end users of Red Hat Satellite are using Tomcat via RHEL channels, which provides Tomcat dependency needed by candlepin to function in Satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-41080"
},
{
"category": "external",
"summary": "RHBZ#2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f",
"url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"
}
],
"release_date": "2023-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-10T11:32:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0125"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Open Redirect vulnerability in FORM authentication"
},
{
"cve": "CVE-2023-42794",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243751"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. An incomplete cleanup vulnerability with the internal fork of the Commons FileUpload package exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from the disk, potentially leading to a denial of service due to the disk being full.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: FileUpload: DoS due to accumulation of temporary files on Windows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this flaw as a Moderate impact as this would depend on how much information an attacker has over the environment (version and disk for example, increasing the Attack Complexity) as there is no guarantee the attack is successful. \nThis may affect only scenarios where running an application on Windows.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42794"
},
{
"category": "external",
"summary": "RHBZ#2243751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42794"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/8",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/8"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82",
"url": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-10T11:32:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0125"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: FileUpload: DoS due to accumulation of temporary files on Windows"
},
{
"cve": "CVE-2023-42795",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243752"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: improper cleaning of recycled objects could lead to information leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as a Moderate impact as the confidentiality is not fully compromised and the malicious user does not have confirmation over the scenario to replicate the error and capture the possible jeopardizing response.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42795"
},
{
"category": "external",
"summary": "RHBZ#2243752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243752"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42795"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/9",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/9"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw",
"url": "https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-10T11:32:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0125"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: improper cleaning of recycled objects could lead to information leak"
},
{
"cve": "CVE-2023-45648",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243749"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: incorrectly parsed http trailer headers can cause request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The request smuggling is not guaranteed to have relevant information within every request and the scenario behind a reverse proxy which fails to handle the request too is necessary, hence the Moderate impact.\n\nThe Red Hat AMQ Broker team removed any tomcat dependencies in version 7.11.3. Please refer to https://errata.devel.redhat.com/advisory/121941.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45648"
},
{
"category": "external",
"summary": "RHBZ#2243749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/10",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/10"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp",
"url": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-10T11:32:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0125"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: incorrectly parsed http trailer headers can cause request smuggling"
}
]
}
RHSA-2024:0474
Vulnerability from csaf_redhat - Published: 2024-01-25 10:59 - Updated: 2026-05-29 17:49Summary
Red Hat Security Advisory: tomcat security update
Severity
Moderate
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)
* tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)
* tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)
* tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.
6.1 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat. An incomplete cleanup vulnerability with the internal fork of the Commons FileUpload package exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from the disk, potentially leading to a denial of service due to the disk being full.
5.9 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)\n\n* tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)\n\n* tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)\n\n* tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0474",
"url": "https://access.redhat.com/errata/RHSA-2024:0474"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "2243749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243749"
},
{
"category": "external",
"summary": "2243751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243751"
},
{
"category": "external",
"summary": "2243752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243752"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0474.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-05-29T17:49:39+00:00",
"generator": {
"date": "2026-05-29T17:49:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2024:0474",
"initial_release_date": "2024-01-25T10:59:50+00:00",
"revision_history": [
{
"date": "2024-01-25T10:59:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-01-25T10:59:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-29T17:49:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-37.el9_3.1.src",
"product": {
"name": "tomcat-1:9.0.62-37.el9_3.1.src",
"product_id": "tomcat-1:9.0.62-37.el9_3.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-37.el9_3.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-webapps-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-37.el9_3.1.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src"
},
"product_reference": "tomcat-1:9.0.62-37.el9_3.1.src",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-41080",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-08-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2235370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Open Redirect vulnerability in FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The pki-servlet-engine package has been obsoleted by the Tomcat package. Therefore, this issue will be fixed in the Tomcat package rather than the pki-serlvet-engine package. Please follow the RHEL Tomcat trackers instead for the updates.\n\nRed Hat Satellite is not directly impacted by this issue, since it does not embed the dependency on their offer deliveries. However, end users of Red Hat Satellite are using Tomcat via RHEL channels, which provides Tomcat dependency needed by candlepin to function in Satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-41080"
},
{
"category": "external",
"summary": "RHBZ#2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f",
"url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"
}
],
"release_date": "2023-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-25T10:59:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0474"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Open Redirect vulnerability in FORM authentication"
},
{
"cve": "CVE-2023-42794",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243751"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. An incomplete cleanup vulnerability with the internal fork of the Commons FileUpload package exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from the disk, potentially leading to a denial of service due to the disk being full.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: FileUpload: DoS due to accumulation of temporary files on Windows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this flaw as a Moderate impact as this would depend on how much information an attacker has over the environment (version and disk for example, increasing the Attack Complexity) as there is no guarantee the attack is successful. \nThis may affect only scenarios where running an application on Windows.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42794"
},
{
"category": "external",
"summary": "RHBZ#2243751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42794"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/8",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/8"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82",
"url": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-25T10:59:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0474"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: FileUpload: DoS due to accumulation of temporary files on Windows"
},
{
"cve": "CVE-2023-42795",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243752"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: improper cleaning of recycled objects could lead to information leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as a Moderate impact as the confidentiality is not fully compromised and the malicious user does not have confirmation over the scenario to replicate the error and capture the possible jeopardizing response.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42795"
},
{
"category": "external",
"summary": "RHBZ#2243752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243752"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42795"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/9",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/9"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw",
"url": "https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-25T10:59:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0474"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: improper cleaning of recycled objects could lead to information leak"
},
{
"cve": "CVE-2023-45648",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243749"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: incorrectly parsed http trailer headers can cause request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The request smuggling is not guaranteed to have relevant information within every request and the scenario behind a reverse proxy which fails to handle the request too is necessary, hence the Moderate impact.\n\nThe Red Hat AMQ Broker team removed any tomcat dependencies in version 7.11.3. Please refer to https://errata.devel.redhat.com/advisory/121941.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45648"
},
{
"category": "external",
"summary": "RHBZ#2243749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/10",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/10"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp",
"url": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-25T10:59:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0474"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: incorrectly parsed http trailer headers can cause request smuggling"
}
]
}
RHSA-2024:4631
Vulnerability from csaf_redhat - Published: 2024-07-18 17:11 - Updated: 2026-06-08 15:38Summary
Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.15.0 release
Severity
Important
Notes
Topic: Red Hat OpenShift Dev Spaces 3.15 has been released.
All containers have been updated to include feature enhancements, bug fixes and CVE fixes.
Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.
Details: Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.
The 3.15 release is based on Eclipse Che 7.88 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.
Users still using the v1 standard should migrate as soon as possible.
https://devfile.io/docs/2.2.0/migrating-to-devfile-v2
Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates.
https://access.redhat.com/support/policy/updates/openshift#crw
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le | — |
Vendor Fix
fix
|
Known not affected
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le | — |
Threats
Impact
Important
A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64 | — |
Vendor Fix
fix
|
Known not affected
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the Unmarshal function in Go-Yaml. This vulnerability results in program crashes when attempting to convert (or deserialize) invalid input data, potentially impacting system stability and reliability.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64 | — |
Vendor Fix
fix
|
Known not affected
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.
8.8 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64 | — |
Vendor Fix
fix
|
Known not affected
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the logback package, where it is vulnerable to a denial of service caused by a serialization flaw in the receiver component. By sending specially crafted poisoned data, a remote attacker can cause a denial of service condition.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.
6.1 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le | — |
Vendor Fix
fix
|
Known not affected
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le | — |
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy.
5.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
References
76 references
Acknowledgments
nowotarski.info
Bartek Nowotarski
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Dev Spaces 3.15 has been released.\n\nAll containers have been updated to include feature enhancements, bug fixes and CVE fixes.\n\nFollowing the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\n\nThe 3.15 release is based on Eclipse Che 7.88 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\n\nUsers still using the v1 standard should migrate as soon as possible.\n\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\n\nDev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. \n\nhttps://access.redhat.com/support/policy/updates/openshift#crw",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4631",
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.15/html/administration_guide/installing-devspaces",
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.15/html/administration_guide/installing-devspaces"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-3064",
"url": "https://access.redhat.com/security/cve/CVE-2022-3064"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-21698",
"url": "https://access.redhat.com/security/cve/CVE-2022-21698"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-28948",
"url": "https://access.redhat.com/security/cve/CVE-2022-28948"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-46175",
"url": "https://access.redhat.com/security/cve/CVE-2022-46175"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-6378",
"url": "https://access.redhat.com/security/cve/CVE-2023-6378"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-39325",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-41080",
"url": "https://access.redhat.com/security/cve/CVE-2023-41080"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-45288",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-45648",
"url": "https://access.redhat.com/security/cve/CVE-2023-45648"
},
{
"category": "external",
"summary": "CRW-6593",
"url": "https://issues.redhat.com/browse/CRW-6593"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4631.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.15.0 release",
"tracking": {
"current_release_date": "2026-06-08T15:38:01+00:00",
"generator": {
"date": "2026-06-08T15:38:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2024:4631",
"initial_release_date": "2024-07-18T17:11:22+00:00",
"revision_history": [
{
"date": "2024-07-18T17:11:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-18T17:11:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-08T15:38:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Dev Spaces 3",
"product": {
"name": "Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Dev Spaces"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"product": {
"name": "devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"product_id": "devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.15-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"product": {
"name": "devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"product_id": "devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"product": {
"name": "devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"product_id": "devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.15-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"product": {
"name": "devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"product_id": "devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8\u0026tag=3.15-15"
}
}
},
{
"category": "product_version",
"name": "devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"product": {
"name": "devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"product_id": "devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"product_identification_helper": {
"purl": "pkg:oci/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/idea-rhel8\u0026tag=3.15-5"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"product": {
"name": "devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"product_id": "devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"product": {
"name": "devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"product_id": "devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"product_id": "devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.15-26"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"product": {
"name": "devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"product_id": "devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.15-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"product": {
"name": "devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"product_id": "devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.15-10"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"product": {
"name": "devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"product_id": "devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.15-3"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"product": {
"name": "devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"product_id": "devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"product": {
"name": "devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"product_id": "devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.15-5"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"product": {
"name": "devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"product_id": "devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.15-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"product": {
"name": "devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"product_id": "devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"product": {
"name": "devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"product_id": "devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.15-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"product": {
"name": "devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"product_id": "devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8\u0026tag=3.15-15"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"product": {
"name": "devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"product_id": "devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"product": {
"name": "devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"product_id": "devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"product_id": "devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.15-26"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"product": {
"name": "devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"product_id": "devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.15-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"product": {
"name": "devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"product_id": "devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.15-10"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"product": {
"name": "devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"product_id": "devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.15-3"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"product": {
"name": "devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"product_id": "devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"product": {
"name": "devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"product_id": "devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.15-5"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"product": {
"name": "devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"product_id": "devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.15-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"product": {
"name": "devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"product_id": "devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"product": {
"name": "devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"product_id": "devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.15-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"product": {
"name": "devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"product_id": "devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8\u0026tag=3.15-15"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"product": {
"name": "devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"product_id": "devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"product": {
"name": "devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"product_id": "devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"product_id": "devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.15-26"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"product": {
"name": "devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"product_id": "devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.15-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"product": {
"name": "devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"product_id": "devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.15-10"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"product": {
"name": "devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"product_id": "devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.15-3"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"product": {
"name": "devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"product_id": "devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le",
"product": {
"name": "devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le",
"product_id": "devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.15-5"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le"
},
"product_reference": "devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64"
},
"product_reference": "devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x"
},
"product_reference": "devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x"
},
"product_reference": "devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64"
},
"product_reference": "devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le"
},
"product_reference": "devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x"
},
"product_reference": "devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le"
},
"product_reference": "devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64"
},
"product_reference": "devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64"
},
"product_reference": "devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le"
},
"product_reference": "devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x"
},
"product_reference": "devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x"
},
"product_reference": "devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le"
},
"product_reference": "devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64"
},
"product_reference": "devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64"
},
"product_reference": "devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64"
},
"product_reference": "devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le"
},
"product_reference": "devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x"
},
"product_reference": "devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le"
},
"product_reference": "devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x"
},
"product_reference": "devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64"
},
"product_reference": "devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64"
},
"product_reference": "devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le"
},
"product_reference": "devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x"
},
"product_reference": "devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x"
},
"product_reference": "devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64"
},
"product_reference": "devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
},
"product_reference": "devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64"
},
"product_reference": "devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x"
},
"product_reference": "devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le"
},
"product_reference": "devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x"
},
"product_reference": "devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64"
},
"product_reference": "devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
},
"product_reference": "devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-3064",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-01-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2163037"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RHC package for Red Hat Enterprise Linux 9 mark as Low severity as we do ship the affected code but it\u0027s not easily exposed because YAML files are not parsed by RHC.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3064"
},
{
"category": "external",
"summary": "RHBZ#2163037",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163037"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3064",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3064"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3064",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3064"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-6q6q-88xp-6f2r",
"url": "https://github.com/advisories/GHSA-6q6q-88xp-6f2r"
},
{
"category": "external",
"summary": "https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5",
"url": "https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5"
},
{
"category": "external",
"summary": "https://github.com/go-yaml/yaml/releases/tag/v2.2.4",
"url": "https://github.com/go-yaml/yaml/releases/tag/v2.2.4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-0956",
"url": "https://pkg.go.dev/vuln/GO-2022-0956"
}
],
"release_date": "2022-08-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents"
},
{
"cve": "CVE-2022-21698",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2022-01-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2045880"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream\u0027s (the Prometheus project) impact rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21698"
},
{
"category": "external",
"summary": "RHBZ#2045880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698"
},
{
"category": "external",
"summary": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p",
"url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter"
},
{
"cve": "CVE-2022-28948",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-05-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2088748"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Unmarshal function in Go-Yaml. This vulnerability results in program crashes when attempting to convert (or deserialize) invalid input data, potentially impacting system stability and reliability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-gopkg-yaml: crash when attempting to deserialize invalid input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has designated the CVE rating as \u0027moderate\u0027 as exploitation of Red Hat products is contingent upon the attacker being authenticated when sending the malicious XML payload.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28948"
},
{
"category": "external",
"summary": "RHBZ#2088748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088748"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28948"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-hp87-p4gw-j4gq",
"url": "https://github.com/advisories/GHSA-hp87-p4gw-j4gq"
}
],
"release_date": "2022-05-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang-gopkg-yaml: crash when attempting to deserialize invalid input"
},
{
"cve": "CVE-2022-46175",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-12-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2156263"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json5: Prototype Pollution in JSON5 via Parse Method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46175"
},
{
"category": "external",
"summary": "RHBZ#2156263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175"
},
{
"category": "external",
"summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h",
"url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h"
}
],
"release_date": "2022-12-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "json5: Prototype Pollution in JSON5 via Parse Method"
},
{
"cve": "CVE-2023-6378",
"cwe": {
"id": "CWE-499",
"name": "Serializable Class Containing Sensitive Data"
},
"discovery_date": "2023-11-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2252230"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the logback package, where it is vulnerable to a denial of service caused by a serialization flaw in the receiver component. By sending specially crafted poisoned data, a remote attacker can cause a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "logback: serialization vulnerability in logback receiver",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Logback package vulnerability, posing a risk of denial-of-service through a serialization flaw in its receiver component, is considered a moderate issue due to its potential impact on system availability. While denial-of-service vulnerabilities can be disruptive, the severity is tempered by the fact that they generally do not result in unauthorized access or data compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6378"
},
{
"category": "external",
"summary": "RHBZ#2252230",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252230"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6378",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6378"
}
],
"release_date": "2023-11-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "logback: serialization vulnerability in logback receiver"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-41080",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-08-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2235370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Open Redirect vulnerability in FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The pki-servlet-engine package has been obsoleted by the Tomcat package. Therefore, this issue will be fixed in the Tomcat package rather than the pki-serlvet-engine package. Please follow the RHEL Tomcat trackers instead for the updates.\n\nRed Hat Satellite is not directly impacted by this issue, since it does not embed the dependency on their offer deliveries. However, end users of Red Hat Satellite are using Tomcat via RHEL channels, which provides Tomcat dependency needed by candlepin to function in Satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-41080"
},
{
"category": "external",
"summary": "RHBZ#2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f",
"url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"
}
],
"release_date": "2023-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Open Redirect vulnerability in FORM authentication"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
},
{
"acknowledgments": [
{
"names": [
"Bartek Nowotarski"
],
"organization": "nowotarski.info"
}
],
"cve": "CVE-2023-45288",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268273"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "RHBZ#2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nowotarski.info/http2-continuation-flood/",
"url": "https://nowotarski.info/http2-continuation-flood/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2687",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/421644",
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "workaround",
"details": "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS"
},
{
"cve": "CVE-2023-45648",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243749"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: incorrectly parsed http trailer headers can cause request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The request smuggling is not guaranteed to have relevant information within every request and the scenario behind a reverse proxy which fails to handle the request too is necessary, hence the Moderate impact.\n\nThe Red Hat AMQ Broker team removed any tomcat dependencies in version 7.11.3. Please refer to https://errata.devel.redhat.com/advisory/121941.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45648"
},
{
"category": "external",
"summary": "RHBZ#2243749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/10",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/10"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp",
"url": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: incorrectly parsed http trailer headers can cause request smuggling"
}
]
}
RHSA-2024_0125
Vulnerability from csaf_redhat - Published: 2024-01-10 11:32 - Updated: 2024-12-10 16:41Summary
Red Hat Security Advisory: tomcat security update
Severity
Moderate
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)
* tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)
* tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)
* tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.
6.1 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat. An incomplete cleanup vulnerability with the internal fork of the Commons FileUpload package exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from the disk, potentially leading to a denial of service due to the disk being full.
5.9 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)\n\n* tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)\n\n* tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)\n\n* tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0125",
"url": "https://access.redhat.com/errata/RHSA-2024:0125"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "2243749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243749"
},
{
"category": "external",
"summary": "2243751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243751"
},
{
"category": "external",
"summary": "2243752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243752"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0125.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2024-12-10T16:41:52+00:00",
"generator": {
"date": "2024-12-10T16:41:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:0125",
"initial_release_date": "2024-01-10T11:32:48+00:00",
"revision_history": [
{
"date": "2024-01-10T11:32:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-01-10T11:32:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-10T16:41:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-27.el8_9.2.src",
"product": {
"name": "tomcat-1:9.0.62-27.el8_9.2.src",
"product_id": "tomcat-1:9.0.62-27.el8_9.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-27.el8_9.2?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-webapps-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-27.el8_9.2.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src"
},
"product_reference": "tomcat-1:9.0.62-27.el8_9.2.src",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-41080",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-08-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2235370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Open Redirect vulnerability in FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The pki-servlet-engine package has been obsoleted by the Tomcat package. Therefore, this issue will be fixed in the Tomcat package rather than the pki-serlvet-engine package. Please follow the RHEL Tomcat trackers instead for the updates.\n\nRed Hat Satellite is not directly impacted by this issue, since it does not embed the dependency on their offer deliveries. However, end users of Red Hat Satellite are using Tomcat via RHEL channels, which provides Tomcat dependency needed by candlepin to function in Satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-41080"
},
{
"category": "external",
"summary": "RHBZ#2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f",
"url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"
}
],
"release_date": "2023-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-10T11:32:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0125"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Open Redirect vulnerability in FORM authentication"
},
{
"cve": "CVE-2023-42794",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243751"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. An incomplete cleanup vulnerability with the internal fork of the Commons FileUpload package exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from the disk, potentially leading to a denial of service due to the disk being full.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: FileUpload: DoS due to accumulation of temporary files on Windows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this flaw as a Moderate impact as this would depend on how much information an attacker has over the environment (version and disk for example, increasing the Attack Complexity) as there is no guarantee the attack is successful. \nThis may affect only scenarios where running an application on Windows.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42794"
},
{
"category": "external",
"summary": "RHBZ#2243751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42794"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/8",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/8"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82",
"url": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-10T11:32:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0125"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: FileUpload: DoS due to accumulation of temporary files on Windows"
},
{
"cve": "CVE-2023-42795",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243752"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: improper cleaning of recycled objects could lead to information leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as a Moderate impact as the confidentiality is not fully compromised and the malicious user does not have confirmation over the scenario to replicate the error and capture the possible jeopardizing response.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42795"
},
{
"category": "external",
"summary": "RHBZ#2243752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243752"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42795"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/9",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/9"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw",
"url": "https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-10T11:32:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0125"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: improper cleaning of recycled objects could lead to information leak"
},
{
"cve": "CVE-2023-45648",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243749"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: incorrectly parsed http trailer headers can cause request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The request smuggling is not guaranteed to have relevant information within every request and the scenario behind a reverse proxy which fails to handle the request too is necessary, hence the Moderate impact.\n\nThe Red Hat AMQ Broker team removed any tomcat dependencies in version 7.11.3. Please refer to https://errata.devel.redhat.com/advisory/121941.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45648"
},
{
"category": "external",
"summary": "RHBZ#2243749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/10",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/10"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp",
"url": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-10T11:32:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0125"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: incorrectly parsed http trailer headers can cause request smuggling"
}
]
}
RHSA-2024_0474
Vulnerability from csaf_redhat - Published: 2024-01-25 10:59 - Updated: 2024-12-10 16:41Summary
Red Hat Security Advisory: tomcat security update
Severity
Moderate
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)
* tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)
* tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)
* tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.
6.1 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat. An incomplete cleanup vulnerability with the internal fork of the Commons FileUpload package exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from the disk, potentially leading to a denial of service due to the disk being full.
5.9 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)\n\n* tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)\n\n* tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)\n\n* tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0474",
"url": "https://access.redhat.com/errata/RHSA-2024:0474"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "2243749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243749"
},
{
"category": "external",
"summary": "2243751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243751"
},
{
"category": "external",
"summary": "2243752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243752"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0474.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2024-12-10T16:41:56+00:00",
"generator": {
"date": "2024-12-10T16:41:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:0474",
"initial_release_date": "2024-01-25T10:59:50+00:00",
"revision_history": [
{
"date": "2024-01-25T10:59:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-01-25T10:59:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-10T16:41:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-37.el9_3.1.src",
"product": {
"name": "tomcat-1:9.0.62-37.el9_3.1.src",
"product_id": "tomcat-1:9.0.62-37.el9_3.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-37.el9_3.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-webapps-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-37.el9_3.1.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src"
},
"product_reference": "tomcat-1:9.0.62-37.el9_3.1.src",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-41080",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-08-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2235370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Open Redirect vulnerability in FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The pki-servlet-engine package has been obsoleted by the Tomcat package. Therefore, this issue will be fixed in the Tomcat package rather than the pki-serlvet-engine package. Please follow the RHEL Tomcat trackers instead for the updates.\n\nRed Hat Satellite is not directly impacted by this issue, since it does not embed the dependency on their offer deliveries. However, end users of Red Hat Satellite are using Tomcat via RHEL channels, which provides Tomcat dependency needed by candlepin to function in Satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-41080"
},
{
"category": "external",
"summary": "RHBZ#2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f",
"url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"
}
],
"release_date": "2023-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-25T10:59:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0474"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Open Redirect vulnerability in FORM authentication"
},
{
"cve": "CVE-2023-42794",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243751"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. An incomplete cleanup vulnerability with the internal fork of the Commons FileUpload package exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from the disk, potentially leading to a denial of service due to the disk being full.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: FileUpload: DoS due to accumulation of temporary files on Windows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this flaw as a Moderate impact as this would depend on how much information an attacker has over the environment (version and disk for example, increasing the Attack Complexity) as there is no guarantee the attack is successful. \nThis may affect only scenarios where running an application on Windows.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42794"
},
{
"category": "external",
"summary": "RHBZ#2243751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42794"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/8",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/8"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82",
"url": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-25T10:59:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0474"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: FileUpload: DoS due to accumulation of temporary files on Windows"
},
{
"cve": "CVE-2023-42795",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243752"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: improper cleaning of recycled objects could lead to information leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as a Moderate impact as the confidentiality is not fully compromised and the malicious user does not have confirmation over the scenario to replicate the error and capture the possible jeopardizing response.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42795"
},
{
"category": "external",
"summary": "RHBZ#2243752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243752"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42795"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/9",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/9"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw",
"url": "https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-25T10:59:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0474"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: improper cleaning of recycled objects could lead to information leak"
},
{
"cve": "CVE-2023-45648",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243749"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: incorrectly parsed http trailer headers can cause request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The request smuggling is not guaranteed to have relevant information within every request and the scenario behind a reverse proxy which fails to handle the request too is necessary, hence the Moderate impact.\n\nThe Red Hat AMQ Broker team removed any tomcat dependencies in version 7.11.3. Please refer to https://errata.devel.redhat.com/advisory/121941.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45648"
},
{
"category": "external",
"summary": "RHBZ#2243749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/10",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/10"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp",
"url": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-25T10:59:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0474"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: incorrectly parsed http trailer headers can cause request smuggling"
}
]
}
RHSA-2024_4631
Vulnerability from csaf_redhat - Published: 2024-07-18 17:11 - Updated: 2024-12-18 05:04Summary
Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.15.0 release
Severity
Important
Notes
Topic: Red Hat OpenShift Dev Spaces 3.15 has been released.
All containers have been updated to include feature enhancements, bug fixes and CVE fixes.
Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.
Details: Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.
The 3.15 release is based on Eclipse Che 7.88 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.
Users still using the v1 standard should migrate as soon as possible.
https://devfile.io/docs/2.2.0/migrating-to-devfile-v2
Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates.
https://access.redhat.com/support/policy/updates/openshift#crw
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le | — |
Vendor Fix
fix
|
Known not affected
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le | — |
Threats
Impact
Important
A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64 | — |
Vendor Fix
fix
|
Known not affected
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the Unmarshal function in Go-Yaml. This vulnerability results in program crashes when attempting to convert (or deserialize) invalid input data, potentially impacting system stability and reliability.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64 | — |
Vendor Fix
fix
|
Known not affected
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.
8.8 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64 | — |
Vendor Fix
fix
|
Known not affected
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the logback package, where it is vulnerable to a denial of service caused by a serialization flaw in the receiver component. By sending specially crafted poisoned data, a remote attacker can cause a denial of service condition.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.
6.1 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le | — |
Vendor Fix
fix
|
Known not affected
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64 | — | ||
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le | — |
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy.
5.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
References
76 references
Acknowledgments
nowotarski.info
Bartek Nowotarski
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Dev Spaces 3.15 has been released.\n\nAll containers have been updated to include feature enhancements, bug fixes and CVE fixes.\n\nFollowing the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\n\nThe 3.15 release is based on Eclipse Che 7.88 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\n\nUsers still using the v1 standard should migrate as soon as possible.\n\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\n\nDev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. \n\nhttps://access.redhat.com/support/policy/updates/openshift#crw",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4631",
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.15/html/administration_guide/installing-devspaces",
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.15/html/administration_guide/installing-devspaces"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-3064",
"url": "https://access.redhat.com/security/cve/CVE-2022-3064"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-21698",
"url": "https://access.redhat.com/security/cve/CVE-2022-21698"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-28948",
"url": "https://access.redhat.com/security/cve/CVE-2022-28948"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-46175",
"url": "https://access.redhat.com/security/cve/CVE-2022-46175"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-6378",
"url": "https://access.redhat.com/security/cve/CVE-2023-6378"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-39325",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-41080",
"url": "https://access.redhat.com/security/cve/CVE-2023-41080"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-45288",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-45648",
"url": "https://access.redhat.com/security/cve/CVE-2023-45648"
},
{
"category": "external",
"summary": "CRW-6593",
"url": "https://issues.redhat.com/browse/CRW-6593"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4631.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.15.0 release",
"tracking": {
"current_release_date": "2024-12-18T05:04:33+00:00",
"generator": {
"date": "2024-12-18T05:04:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:4631",
"initial_release_date": "2024-07-18T17:11:22+00:00",
"revision_history": [
{
"date": "2024-07-18T17:11:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-18T17:11:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T05:04:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Dev Spaces 3",
"product": {
"name": "Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Dev Spaces"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"product": {
"name": "devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"product_id": "devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.15-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"product": {
"name": "devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"product_id": "devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"product": {
"name": "devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"product_id": "devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.15-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"product": {
"name": "devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"product_id": "devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8\u0026tag=3.15-15"
}
}
},
{
"category": "product_version",
"name": "devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"product": {
"name": "devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"product_id": "devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"product_identification_helper": {
"purl": "pkg:oci/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/idea-rhel8\u0026tag=3.15-5"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"product": {
"name": "devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"product_id": "devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"product": {
"name": "devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"product_id": "devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"product_id": "devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.15-26"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"product": {
"name": "devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"product_id": "devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.15-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"product": {
"name": "devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"product_id": "devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.15-10"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"product": {
"name": "devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"product_id": "devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.15-3"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"product": {
"name": "devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"product_id": "devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"product": {
"name": "devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"product_id": "devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.15-5"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"product": {
"name": "devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"product_id": "devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.15-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"product": {
"name": "devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"product_id": "devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"product": {
"name": "devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"product_id": "devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.15-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"product": {
"name": "devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"product_id": "devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8\u0026tag=3.15-15"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"product": {
"name": "devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"product_id": "devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"product": {
"name": "devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"product_id": "devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"product_id": "devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.15-26"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"product": {
"name": "devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"product_id": "devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.15-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"product": {
"name": "devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"product_id": "devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.15-10"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"product": {
"name": "devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"product_id": "devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.15-3"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"product": {
"name": "devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"product_id": "devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"product": {
"name": "devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"product_id": "devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.15-5"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"product": {
"name": "devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"product_id": "devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.15-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"product": {
"name": "devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"product_id": "devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"product": {
"name": "devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"product_id": "devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.15-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"product": {
"name": "devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"product_id": "devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8\u0026tag=3.15-15"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"product": {
"name": "devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"product_id": "devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"product": {
"name": "devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"product_id": "devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"product_id": "devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.15-26"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"product": {
"name": "devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"product_id": "devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.15-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"product": {
"name": "devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"product_id": "devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.15-10"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"product": {
"name": "devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"product_id": "devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.15-3"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"product": {
"name": "devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"product_id": "devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le",
"product": {
"name": "devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le",
"product_id": "devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.15-5"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le"
},
"product_reference": "devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64"
},
"product_reference": "devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x"
},
"product_reference": "devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x"
},
"product_reference": "devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64"
},
"product_reference": "devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le"
},
"product_reference": "devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x"
},
"product_reference": "devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le"
},
"product_reference": "devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64"
},
"product_reference": "devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64"
},
"product_reference": "devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le"
},
"product_reference": "devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x"
},
"product_reference": "devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x"
},
"product_reference": "devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le"
},
"product_reference": "devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64"
},
"product_reference": "devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64"
},
"product_reference": "devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64"
},
"product_reference": "devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le"
},
"product_reference": "devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x"
},
"product_reference": "devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le"
},
"product_reference": "devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x"
},
"product_reference": "devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64"
},
"product_reference": "devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64"
},
"product_reference": "devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le"
},
"product_reference": "devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x"
},
"product_reference": "devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x"
},
"product_reference": "devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64"
},
"product_reference": "devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
},
"product_reference": "devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64"
},
"product_reference": "devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x"
},
"product_reference": "devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le"
},
"product_reference": "devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x"
},
"product_reference": "devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64"
},
"product_reference": "devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
},
"product_reference": "devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-3064",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-01-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2163037"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3064"
},
{
"category": "external",
"summary": "RHBZ#2163037",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163037"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3064",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3064"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3064",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3064"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-6q6q-88xp-6f2r",
"url": "https://github.com/advisories/GHSA-6q6q-88xp-6f2r"
},
{
"category": "external",
"summary": "https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5",
"url": "https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5"
},
{
"category": "external",
"summary": "https://github.com/go-yaml/yaml/releases/tag/v2.2.4",
"url": "https://github.com/go-yaml/yaml/releases/tag/v2.2.4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-0956",
"url": "https://pkg.go.dev/vuln/GO-2022-0956"
}
],
"release_date": "2022-08-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents"
},
{
"cve": "CVE-2022-21698",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2022-01-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2045880"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream\u0027s (the Prometheus project) impact rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21698"
},
{
"category": "external",
"summary": "RHBZ#2045880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698"
},
{
"category": "external",
"summary": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p",
"url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter"
},
{
"cve": "CVE-2022-28948",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-05-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2088748"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Unmarshal function in Go-Yaml. This vulnerability results in program crashes when attempting to convert (or deserialize) invalid input data, potentially impacting system stability and reliability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-gopkg-yaml: crash when attempting to deserialize invalid input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has designated the CVE rating as \u0027moderate\u0027 as exploitation of Red Hat products is contingent upon the attacker being authenticated when sending the malicious XML payload.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28948"
},
{
"category": "external",
"summary": "RHBZ#2088748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088748"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28948"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-hp87-p4gw-j4gq",
"url": "https://github.com/advisories/GHSA-hp87-p4gw-j4gq"
}
],
"release_date": "2022-05-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang-gopkg-yaml: crash when attempting to deserialize invalid input"
},
{
"cve": "CVE-2022-46175",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-12-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2156263"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json5: Prototype Pollution in JSON5 via Parse Method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46175"
},
{
"category": "external",
"summary": "RHBZ#2156263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175"
},
{
"category": "external",
"summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h",
"url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h"
}
],
"release_date": "2022-12-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "json5: Prototype Pollution in JSON5 via Parse Method"
},
{
"cve": "CVE-2023-6378",
"cwe": {
"id": "CWE-499",
"name": "Serializable Class Containing Sensitive Data"
},
"discovery_date": "2023-11-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2252230"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the logback package, where it is vulnerable to a denial of service caused by a serialization flaw in the receiver component. By sending specially crafted poisoned data, a remote attacker can cause a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "logback: serialization vulnerability in logback receiver",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Logback package vulnerability, posing a risk of denial-of-service through a serialization flaw in its receiver component, is considered a moderate issue due to its potential impact on system availability. While denial-of-service vulnerabilities can be disruptive, the severity is tempered by the fact that they generally do not result in unauthorized access or data compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6378"
},
{
"category": "external",
"summary": "RHBZ#2252230",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252230"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6378",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6378"
}
],
"release_date": "2023-11-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "logback: serialization vulnerability in logback receiver"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-41080",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-08-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2235370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Open Redirect vulnerability in FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The pki-servlet-engine package has been obsoleted by the Tomcat package. Therefore, this issue will be fixed in the Tomcat package rather than the pki-serlvet-engine package. Please follow the RHEL Tomcat trackers instead for the updates.\n\nRed Hat Satellite is not directly impacted by this issue, since it does not embed the dependency on their offer deliveries. However, end users of Red Hat Satellite are using Tomcat via RHEL channels, which provides Tomcat dependency needed by candlepin to function in Satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-41080"
},
{
"category": "external",
"summary": "RHBZ#2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f",
"url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"
}
],
"release_date": "2023-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Open Redirect vulnerability in FORM authentication"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
},
{
"acknowledgments": [
{
"names": [
"Bartek Nowotarski"
],
"organization": "nowotarski.info"
}
],
"cve": "CVE-2023-45288",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268273"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "RHBZ#2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nowotarski.info/http2-continuation-flood/",
"url": "https://nowotarski.info/http2-continuation-flood/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2687",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/421644",
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "workaround",
"details": "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS"
},
{
"cve": "CVE-2023-45648",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243749"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: incorrectly parsed http trailer headers can cause request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The request smuggling is not guaranteed to have relevant information within every request and the scenario behind a reverse proxy which fails to handle the request too is necessary, hence the Moderate impact.\n\nThe Red Hat AMQ Broker team removed any tomcat dependencies in version 7.11.3. Please refer to https://errata.devel.redhat.com/advisory/121941.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45648"
},
{
"category": "external",
"summary": "RHBZ#2243749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/10",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/10"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp",
"url": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: incorrectly parsed http trailer headers can cause request smuggling"
}
]
}
SSA-784301
Vulnerability from csaf_siemens - Published: 2024-08-13 00:00 - Updated: 2024-08-13 00:00Summary
SSA-784301: Multiple Vulnerabilities in SINEC NMS Before V3.0
Notes
Summary: SINEC NMS before V3.0 is affected by multiple vulnerabilities.
Siemens has released a new version for SINEC NMS and recommends to update to the latest version.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
References
2 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "SINEC NMS before V3.0 is affected by multiple vulnerabilities.\n\nSiemens has released a new version for SINEC NMS and recommends to update to the latest version.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-784301: Multiple Vulnerabilities in SINEC NMS Before V3.0 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
},
{
"category": "self",
"summary": "SSA-784301: Multiple Vulnerabilities in SINEC NMS Before V3.0 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-784301.json"
}
],
"title": "SSA-784301: Multiple Vulnerabilities in SINEC NMS Before V3.0",
"tracking": {
"current_release_date": "2024-08-13T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-784301",
"initial_release_date": "2024-08-13T00:00:00Z",
"revision_history": [
{
"date": "2024-08-13T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "interim",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0",
"product": {
"name": "SINEC NMS",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "SINEC NMS"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4611",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-4611"
},
{
"cve": "CVE-2023-5868",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with \u0027unknown\u0027-type arguments. Handling \u0027unknown\u0027-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-5868"
},
{
"cve": "CVE-2023-5869",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server\u0027s memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-5869"
},
{
"cve": "CVE-2023-5870",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-5870"
},
{
"cve": "CVE-2023-6378",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-6378"
},
{
"cve": "CVE-2023-6481",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-6481"
},
{
"cve": "CVE-2023-31122",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-31122"
},
{
"cve": "CVE-2023-34050",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "summary",
"text": "In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes could be deserialized. Specifically, an application is vulnerable if \r\n\r\n * the SimpleMessageConverter or SerializerMessageConverter is used \r\n * the user does not configure allowed list patterns \r\n * untrusted message originators gain permissions to write messages to the RabbitMQ broker to send malicious content.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-34050"
},
{
"cve": "CVE-2023-39615",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor\u0027s position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-39615"
},
{
"cve": "CVE-2023-42794",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Incomplete Cleanup vulnerability in Apache Tomcat.\r\n\r\nThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \r\nin progress refactoring that exposed a potential denial of service on \r\nWindows if a web application opened a stream for an uploaded file but \r\nfailed to close the stream. The file would never be deleted from disk \r\ncreating the possibility of an eventual denial of service due to the \r\ndisk being full.\r\n\r\nUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-42794"
},
{
"cve": "CVE-2023-42795",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could \r\ncause Tomcat to skip some parts of the recycling process leading to \r\ninformation leaking from the current request/response to the next.\r\n\r\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-42795"
},
{
"cve": "CVE-2023-43622",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known \"slow loris\" attack pattern.\r\nThis has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout.\r\n\r\nThis issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.\r\n\r\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-43622"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45648",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat\u00a0from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially \r\ncrafted, invalid trailer header could cause Tomcat to treat a single \r\nrequest as multiple requests leading to the possibility of request \r\nsmuggling when behind a reverse proxy.\r\n\r\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-45648"
},
{
"cve": "CVE-2023-45802",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request\u0027s memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.\r\n\r\nThis was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During \"normal\" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.\r\n\r\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-45802"
},
{
"cve": "CVE-2023-46120",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-46120"
},
{
"cve": "CVE-2023-46280",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-46280"
},
{
"cve": "CVE-2023-46589",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2023-52425",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2023-52426",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-52426"
},
{
"cve": "CVE-2024-0985",
"cwe": {
"id": "CWE-271",
"name": "Privilege Dropping / Lowering Errors"
},
"notes": [
{
"category": "summary",
"text": "Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker\u0027s roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker\u0027s materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-0985"
},
{
"cve": "CVE-2024-25062",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-28182",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-28757",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-28757"
},
{
"cve": "CVE-2024-36398",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"notes": [
{
"category": "summary",
"text": "The affected application executes a subset of its services as `NT AUTHORITY\\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36398"
},
{
"cve": "CVE-2024-41938",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41938"
},
{
"cve": "CVE-2024-41939",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41939"
},
{
"cve": "CVE-2024-41940",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41940"
},
{
"cve": "CVE-2024-41941",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41941"
}
]
}
SUSE-SU-2023:4337-1
Vulnerability from csaf_suse - Published: 2023-11-02 08:12 - Updated: 2023-11-02 08:12Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
- CVE-2023-42795: Fixed a potential information leak due to
insufficient cleanup (bsc#1216119).
- CVE-2023-45648: Fixed a request smuggling issue due to an incorrect
parsing of HTTP trailer headers (bsc#1216118).
Patchnames: SUSE-2023-4337,SUSE-SLE-SERVER-12-SP5-2023-4337
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.111.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n- CVE-2023-42795: Fixed a potential information leak due to\n insufficient cleanup (bsc#1216119).\n- CVE-2023-45648: Fixed a request smuggling issue due to an incorrect\n parsing of HTTP trailer headers (bsc#1216118).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-4337,SUSE-SLE-SERVER-12-SP5-2023-4337",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4337-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:4337-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20234337-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:4337-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/016986.html"
},
{
"category": "self",
"summary": "SUSE Bug 1216118",
"url": "https://bugzilla.suse.com/1216118"
},
{
"category": "self",
"summary": "SUSE Bug 1216119",
"url": "https://bugzilla.suse.com/1216119"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-42795 page",
"url": "https://www.suse.com/security/cve/CVE-2023-42795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45648 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45648/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2023-11-02T08:12:24Z",
"generator": {
"date": "2023-11-02T08:12:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:4337-1",
"initial_release_date": "2023-11-02T08:12:24Z",
"revision_history": [
{
"date": "2023-11-02T08:12:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.36-3.111.1.noarch",
"product": {
"name": "tomcat-9.0.36-3.111.1.noarch",
"product_id": "tomcat-9.0.36-3.111.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.36-3.111.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.36-3.111.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.36-3.111.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.36-3.111.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.36-3.111.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.36-3.111.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.36-3.111.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.36-3.111.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.36-3.111.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.36-3.111.1.noarch",
"product": {
"name": "tomcat-embed-9.0.36-3.111.1.noarch",
"product_id": "tomcat-embed-9.0.36-3.111.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.36-3.111.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.36-3.111.1.noarch",
"product_id": "tomcat-javadoc-9.0.36-3.111.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.36-3.111.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.36-3.111.1.noarch",
"product_id": "tomcat-jsvc-9.0.36-3.111.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.36-3.111.1.noarch",
"product": {
"name": "tomcat-lib-9.0.36-3.111.1.noarch",
"product_id": "tomcat-lib-9.0.36-3.111.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.36-3.111.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.36-3.111.1.noarch",
"product_id": "tomcat-webapps-9.0.36-3.111.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.111.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.111.1.noarch"
},
"product_reference": "tomcat-9.0.36-3.111.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.111.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.111.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.111.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.111.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.111.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.111.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.111.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.111.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.111.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.111.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.111.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.111.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.111.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.111.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.111.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.111.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.111.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.111.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.111.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.111.1.noarch"
},
"product_reference": "tomcat-9.0.36-3.111.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.111.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.111.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.111.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.111.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.111.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.111.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.111.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.111.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.111.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.111.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.111.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.111.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.111.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.111.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.111.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.111.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.111.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.111.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-42795"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could \ncause Tomcat to skip some parts of the recycling process leading to \ninformation leaking from the current request/response to the next.\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.111.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-42795",
"url": "https://www.suse.com/security/cve/CVE-2023-42795"
},
{
"category": "external",
"summary": "SUSE Bug 1216119 for CVE-2023-42795",
"url": "https://bugzilla.suse.com/1216119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.111.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.111.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-11-02T08:12:24Z",
"details": "important"
}
],
"title": "CVE-2023-42795"
},
{
"cve": "CVE-2023-45648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45648"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially \ncrafted, invalid trailer header could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.111.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45648",
"url": "https://www.suse.com/security/cve/CVE-2023-45648"
},
{
"category": "external",
"summary": "SUSE Bug 1216118 for CVE-2023-45648",
"url": "https://bugzilla.suse.com/1216118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.111.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.111.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.111.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-11-02T08:12:24Z",
"details": "important"
}
],
"title": "CVE-2023-45648"
}
]
}
SUSE-SU-2023:4423-1
Vulnerability from csaf_suse - Published: 2023-11-13 12:11 - Updated: 2023-11-13 12:11Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
- CVE-2023-42795: Fixed a potential information leak due to
insufficient cleanup (bsc#1216119).
- CVE-2023-45648: Fixed a request smuggling issue due to an incorrect
parsing of HTTP trailer headers (bsc#1216118).
- CVE-2023-41080: Fixed URL Redirection to Untrusted Site
('Open Redirect') vulnerability in FORM authentication feature
(bsc#1214666).
Patchnames: SUSE-2023-4423,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4423,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4423,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4423
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.98.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n- CVE-2023-42795: Fixed a potential information leak due to\n insufficient cleanup (bsc#1216119).\n- CVE-2023-45648: Fixed a request smuggling issue due to an incorrect\n parsing of HTTP trailer headers (bsc#1216118).\n- CVE-2023-41080: Fixed URL Redirection to Untrusted Site\n (\u0027Open Redirect\u0027) vulnerability in FORM authentication feature\n (bsc#1214666).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-4423,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4423,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4423,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4423",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4423-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:4423-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20234423-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:4423-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017018.html"
},
{
"category": "self",
"summary": "SUSE Bug 1214666",
"url": "https://bugzilla.suse.com/1214666"
},
{
"category": "self",
"summary": "SUSE Bug 1216118",
"url": "https://bugzilla.suse.com/1216118"
},
{
"category": "self",
"summary": "SUSE Bug 1216119",
"url": "https://bugzilla.suse.com/1216119"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-41080 page",
"url": "https://www.suse.com/security/cve/CVE-2023-41080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-42795 page",
"url": "https://www.suse.com/security/cve/CVE-2023-42795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45648 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45648/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2023-11-13T12:11:51Z",
"generator": {
"date": "2023-11-13T12:11:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:4423-1",
"initial_release_date": "2023-11-13T12:11:51Z",
"revision_history": [
{
"date": "2023-11-13T12:11:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.36-150100.4.98.1.noarch",
"product": {
"name": "tomcat-9.0.36-150100.4.98.1.noarch",
"product_id": "tomcat-9.0.36-150100.4.98.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.36-150100.4.98.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.36-150100.4.98.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.36-150100.4.98.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.36-150100.4.98.1.noarch",
"product": {
"name": "tomcat-embed-9.0.36-150100.4.98.1.noarch",
"product_id": "tomcat-embed-9.0.36-150100.4.98.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.36-150100.4.98.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.36-150100.4.98.1.noarch",
"product_id": "tomcat-javadoc-9.0.36-150100.4.98.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.36-150100.4.98.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.36-150100.4.98.1.noarch",
"product_id": "tomcat-jsvc-9.0.36-150100.4.98.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.36-150100.4.98.1.noarch",
"product": {
"name": "tomcat-lib-9.0.36-150100.4.98.1.noarch",
"product_id": "tomcat-lib-9.0.36-150100.4.98.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.36-150100.4.98.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.36-150100.4.98.1.noarch",
"product_id": "tomcat-webapps-9.0.36-150100.4.98.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-150100.4.98.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch"
},
"product_reference": "tomcat-9.0.36-150100.4.98.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-150100.4.98.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-150100.4.98.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-150100.4.98.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-150100.4.98.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-150100.4.98.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch"
},
"product_reference": "tomcat-9.0.36-150100.4.98.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-150100.4.98.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-150100.4.98.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-150100.4.98.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-150100.4.98.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-150100.4.98.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.98.1.noarch"
},
"product_reference": "tomcat-9.0.36-150100.4.98.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-150100.4.98.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.98.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-150100.4.98.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-150100.4.98.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.98.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-150100.4.98.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-41080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-41080"
}
],
"notes": [
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.\nOlder, EOL versions may also be affected.\n\n\nThe vulnerability is limited to the ROOT (default) web application.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.98.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-41080",
"url": "https://www.suse.com/security/cve/CVE-2023-41080"
},
{
"category": "external",
"summary": "SUSE Bug 1214666 for CVE-2023-41080",
"url": "https://bugzilla.suse.com/1214666"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.98.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.98.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-11-13T12:11:51Z",
"details": "moderate"
}
],
"title": "CVE-2023-41080"
},
{
"cve": "CVE-2023-42795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-42795"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could \ncause Tomcat to skip some parts of the recycling process leading to \ninformation leaking from the current request/response to the next.\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.98.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-42795",
"url": "https://www.suse.com/security/cve/CVE-2023-42795"
},
{
"category": "external",
"summary": "SUSE Bug 1216119 for CVE-2023-42795",
"url": "https://bugzilla.suse.com/1216119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.98.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.98.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-11-13T12:11:51Z",
"details": "important"
}
],
"title": "CVE-2023-42795"
},
{
"cve": "CVE-2023-45648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45648"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially \ncrafted, invalid trailer header could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.98.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45648",
"url": "https://www.suse.com/security/cve/CVE-2023-45648"
},
{
"category": "external",
"summary": "SUSE Bug 1216118 for CVE-2023-45648",
"url": "https://bugzilla.suse.com/1216118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.98.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.98.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.98.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-11-13T12:11:51Z",
"details": "important"
}
],
"title": "CVE-2023-45648"
}
]
}
SUSE-SU-2024:0472-1
Vulnerability from csaf_suse - Published: 2024-02-14 14:02 - Updated: 2024-02-14 14:02Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
Updated to Tomcat 9.0.85:
- CVE-2023-45648: Improve trailer header parsing (bsc#1216118).
- CVE-2023-42794: FileUpload: remove tmp files to avoid DoS on Windows (bsc#1216120).
- CVE-2023-42795: Improve handling of failures during recycle() methods (bsc#1216119).
- CVE-2023-46589: Fixed HTTP request smuggling due to incorrect headers parsing (bsc#1217649)
- CVE-2024-22029: Fixed escalation to root from tomcat user via %post script. (bsc#1219208)
The following non-security issues were fixed:
- Fixed the file permissions for server.xml (bsc#1217768, bsc#1217402).
Find the full release notes at:
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html
Patchnames: SUSE-2024-472,SUSE-SLE-Module-Web-Scripting-15-SP5-2024-472,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-472,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-472,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-472,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-472,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-472,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-472,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-472,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-472,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-472,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-472,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-472,SUSE-Storage-7.1-2024-472,openSUSE-SLE-15.5-2024-472
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
102 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
102 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
102 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
102 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
102 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\nUpdated to Tomcat 9.0.85:\n\n- CVE-2023-45648: Improve trailer header parsing (bsc#1216118).\n- CVE-2023-42794: FileUpload: remove tmp files to avoid DoS on Windows (bsc#1216120).\n- CVE-2023-42795: Improve handling of failures during recycle() methods (bsc#1216119).\n- CVE-2023-46589: Fixed HTTP request smuggling due to incorrect headers parsing (bsc#1217649)\n- CVE-2024-22029: Fixed escalation to root from tomcat user via %post script. (bsc#1219208)\n \nThe following non-security issues were fixed:\n\n- Fixed the file permissions for server.xml (bsc#1217768, bsc#1217402).\n\nFind the full release notes at:\n\nhttps://tomcat.apache.org/tomcat-9.0-doc/changelog.html\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-472,SUSE-SLE-Module-Web-Scripting-15-SP5-2024-472,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-472,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-472,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-472,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-472,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-472,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-472,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-472,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-472,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-472,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-472,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-472,SUSE-Storage-7.1-2024-472,openSUSE-SLE-15.5-2024-472",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0472-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:0472-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20240472-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:0472-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017913.html"
},
{
"category": "self",
"summary": "SUSE Bug 1216118",
"url": "https://bugzilla.suse.com/1216118"
},
{
"category": "self",
"summary": "SUSE Bug 1216119",
"url": "https://bugzilla.suse.com/1216119"
},
{
"category": "self",
"summary": "SUSE Bug 1216120",
"url": "https://bugzilla.suse.com/1216120"
},
{
"category": "self",
"summary": "SUSE Bug 1217402",
"url": "https://bugzilla.suse.com/1217402"
},
{
"category": "self",
"summary": "SUSE Bug 1217649",
"url": "https://bugzilla.suse.com/1217649"
},
{
"category": "self",
"summary": "SUSE Bug 1217768",
"url": "https://bugzilla.suse.com/1217768"
},
{
"category": "self",
"summary": "SUSE Bug 1219208",
"url": "https://bugzilla.suse.com/1219208"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-42794 page",
"url": "https://www.suse.com/security/cve/CVE-2023-42794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-42795 page",
"url": "https://www.suse.com/security/cve/CVE-2023-42795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45648 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46589 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46589/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-22029 page",
"url": "https://www.suse.com/security/cve/CVE-2024-22029/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2024-02-14T14:02:00Z",
"generator": {
"date": "2024-02-14T14:02:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:0472-1",
"initial_release_date": "2024-02-14T14:02:00Z",
"revision_history": [
{
"date": "2024-02-14T14:02:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-embed-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-embed-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-javadoc-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-jsvc-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-lib-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-webapps-9.0.85-150200.57.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-embed-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsvc-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-42794"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete Cleanup vulnerability in Apache Tomcat.\n\nThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \nin progress refactoring that exposed a potential denial of service on \nWindows if a web application opened a stream for an uploaded file but \nfailed to close the stream. The file would never be deleted from disk \ncreating the possibility of an eventual denial of service due to the \ndisk being full.\n\nUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-42794",
"url": "https://www.suse.com/security/cve/CVE-2023-42794"
},
{
"category": "external",
"summary": "SUSE Bug 1216120 for CVE-2023-42794",
"url": "https://bugzilla.suse.com/1216120"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-14T14:02:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-42794"
},
{
"cve": "CVE-2023-42795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-42795"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could \ncause Tomcat to skip some parts of the recycling process leading to \ninformation leaking from the current request/response to the next.\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-42795",
"url": "https://www.suse.com/security/cve/CVE-2023-42795"
},
{
"category": "external",
"summary": "SUSE Bug 1216119 for CVE-2023-42795",
"url": "https://bugzilla.suse.com/1216119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-14T14:02:00Z",
"details": "important"
}
],
"title": "CVE-2023-42795"
},
{
"cve": "CVE-2023-45648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45648"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially \ncrafted, invalid trailer header could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45648",
"url": "https://www.suse.com/security/cve/CVE-2023-45648"
},
{
"category": "external",
"summary": "SUSE Bug 1216118 for CVE-2023-45648",
"url": "https://bugzilla.suse.com/1216118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-14T14:02:00Z",
"details": "important"
}
],
"title": "CVE-2023-45648"
},
{
"cve": "CVE-2023-46589",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46589"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46589",
"url": "https://www.suse.com/security/cve/CVE-2023-46589"
},
{
"category": "external",
"summary": "SUSE Bug 1217649 for CVE-2023-46589",
"url": "https://bugzilla.suse.com/1217649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-14T14:02:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2024-22029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-22029"
}
],
"notes": [
{
"category": "general",
"text": "Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-22029",
"url": "https://www.suse.com/security/cve/CVE-2024-22029"
},
{
"category": "external",
"summary": "SUSE Bug 1219208 for CVE-2024-22029",
"url": "https://bugzilla.suse.com/1219208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-14T14:02:00Z",
"details": "important"
}
],
"title": "CVE-2024-22029"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…