cvelistv5 - CVE-2024-21484

CVE-2024-21484 (GCVE-0-2024-21484)

Vulnerability from cvelistv5 – Published: 2024-01-22 05:00 – Updated: 2024-10-21 10:56

Summary

Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key. Workaround The vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P

CWE

CWE-203 - Observable Discrepancy

Assigner

snyk

References

URL

GSD-2024-21484

Vulnerability from gsd - Updated: 2023-12-23 06:02

Details

Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting this vulnerability. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key. Workaround This vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library.

Aliases

CVE-2024-21484

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-21484"
      ],
      "details": "Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting this vulnerability. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.\r\r Workaround \r\rThis vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library.",
      "id": "GSD-2024-21484",
      "modified": "2023-12-23T06:02:09.508178Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "report@snyk.io",
        "ID": "CVE-2024-21484",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "jsrsasign",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "11.0.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "org.webjars.npm:jsrsasign",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "*"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "org.webjars.bowergithub.kjur:jsrsasign",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "*"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "org.webjars.bower:jsrsasign",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "*"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Hubert Kario"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.\r\r Workaround \r\rThe vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-203",
                "lang": "eng",
                "value": "Observable Discrepancy"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731",
            "refsource": "MISC",
            "url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731"
          },
          {
            "name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732",
            "refsource": "MISC",
            "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732"
          },
          {
            "name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733",
            "refsource": "MISC",
            "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733"
          },
          {
            "name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734",
            "refsource": "MISC",
            "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734"
          },
          {
            "name": "https://github.com/kjur/jsrsasign/issues/598",
            "refsource": "MISC",
            "url": "https://github.com/kjur/jsrsasign/issues/598"
          },
          {
            "name": "https://github.com/kjur/jsrsasign/releases/tag/11.0.0",
            "refsource": "MISC",
            "url": "https://github.com/kjur/jsrsasign/releases/tag/11.0.0"
          },
          {
            "name": "https://people.redhat.com/~hkario/marvin/",
            "refsource": "MISC",
            "url": "https://people.redhat.com/~hkario/marvin/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:jsrsasign_project:jsrsasign:*:*:*:*:*:node.js:*:*",
                    "matchCriteriaId": "4651F559-5FE3-40F1-94FD-355954307381",
                    "versionEndExcluding": "11.0.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.\r\r Workaround \r\rThe vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library."
          },
          {
            "lang": "es",
            "value": "Las versiones del paquete jsrsasign anteriores a 11.0.0 son vulnerables a la discrepancia observable a trav\u00e9s del proceso de descifrado RSA PKCS1.5 o RSAOAEP. Un atacante puede descifrar textos cifrados aprovechando esta vulnerabilidad. Explotar esta vulnerabilidad requiere que el atacante tenga acceso a una gran cantidad de textos cifrados con la misma clave. Workaround esta vulnerabilidad se puede mitigar buscando y reemplazando el descifrado RSA y RSAOAEP con otra librer\u00eda criptogr\u00e1fica."
          }
        ],
        "id": "CVE-2024-21484",
        "lastModified": "2024-03-06T14:15:47.533",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.2,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L",
                "version": "3.1"
              },
              "exploitabilityScore": 2.2,
              "impactScore": 4.7,
              "source": "report@snyk.io",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-01-22T05:15:08.720",
        "references": [
          {
            "source": "report@snyk.io",
            "tags": [
              "Exploit",
              "Issue Tracking",
              "Vendor Advisory"
            ],
            "url": "https://github.com/kjur/jsrsasign/issues/598"
          },
          {
            "source": "report@snyk.io",
            "tags": [
              "Patch",
              "Release Notes"
            ],
            "url": "https://github.com/kjur/jsrsasign/releases/tag/11.0.0"
          },
          {
            "source": "report@snyk.io",
            "url": "https://people.redhat.com/~hkario/marvin/"
          },
          {
            "source": "report@snyk.io",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734"
          },
          {
            "source": "report@snyk.io",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733"
          },
          {
            "source": "report@snyk.io",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732"
          },
          {
            "source": "report@snyk.io",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731"
          }
        ],
        "sourceIdentifier": "report@snyk.io",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-203"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-203"
              }
            ],
            "source": "report@snyk.io",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

FKIE_CVE-2024-21484

Vulnerability from fkie_nvd - Published: 2024-01-22 05:15 - Updated: 2024-11-21 08:54

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
report@snyk.io	https://github.com/kjur/jsrsasign/issues/598	Exploit, Issue Tracking, Vendor Advisory
report@snyk.io	https://github.com/kjur/jsrsasign/releases/tag/11.0.0	Patch, Release Notes
report@snyk.io	https://people.redhat.com/~hkario/marvin/
report@snyk.io	https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734	Patch, Third Party Advisory
report@snyk.io	https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733	Patch, Third Party Advisory
report@snyk.io	https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732	Patch, Third Party Advisory
report@snyk.io	https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/kjur/jsrsasign/issues/598	Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/kjur/jsrsasign/releases/tag/11.0.0	Patch, Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://people.redhat.com/~hkario/marvin/
af854a3a-2127-422b-91ae-364da2661108	https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731	Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	jsrsasign_project	jsrsasign	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jsrsasign_project:jsrsasign:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "4651F559-5FE3-40F1-94FD-355954307381",
              "versionEndExcluding": "11.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.\r\r Workaround \r\rThe vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library."
    },
    {
      "lang": "es",
      "value": "Las versiones del paquete jsrsasign anteriores a 11.0.0 son vulnerables a la discrepancia observable a trav\u00e9s del proceso de descifrado RSA PKCS1.5 o RSAOAEP. Un atacante puede descifrar textos cifrados aprovechando esta vulnerabilidad. Explotar esta vulnerabilidad requiere que el atacante tenga acceso a una gran cantidad de textos cifrados con la misma clave. Workaround esta vulnerabilidad se puede mitigar buscando y reemplazando el descifrado RSA y RSAOAEP con otra librer\u00eda criptogr\u00e1fica."
    }
  ],
  "id": "CVE-2024-21484",
  "lastModified": "2024-11-21T08:54:31.820",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 4.7,
        "source": "report@snyk.io",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-22T05:15:08.720",
  "references": [
    {
      "source": "report@snyk.io",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://github.com/kjur/jsrsasign/issues/598"
    },
    {
      "source": "report@snyk.io",
      "tags": [
        "Patch",
        "Release Notes"
      ],
      "url": "https://github.com/kjur/jsrsasign/releases/tag/11.0.0"
    },
    {
      "source": "report@snyk.io",
      "url": "https://people.redhat.com/~hkario/marvin/"
    },
    {
      "source": "report@snyk.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734"
    },
    {
      "source": "report@snyk.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733"
    },
    {
      "source": "report@snyk.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732"
    },
    {
      "source": "report@snyk.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://github.com/kjur/jsrsasign/issues/598"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Release Notes"
      ],
      "url": "https://github.com/kjur/jsrsasign/releases/tag/11.0.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://people.redhat.com/~hkario/marvin/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731"
    }
  ],
  "sourceIdentifier": "report@snyk.io",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "report@snyk.io",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

RHBA-2024:0928

Vulnerability from csaf_redhat - Published: 2024-02-20 15:58 - Updated: 2025-11-25 10:21

Summary

Red Hat Bug Fix Advisory: MTV 2.5.5 Images

Notes

Topic

Updated Release packages that fix several bugs and add various enhancements are now available.

Details

Migration Toolkit for Virtualization 2.5.5 Images

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Release packages that fix several bugs and add various enhancements are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Migration Toolkit for Virtualization 2.5.5 Images",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHBA-2024:0928",
        "url": "https://access.redhat.com/errata/RHBA-2024:0928"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhba-2024_0928.json"
      }
    ],
    "title": "Red Hat Bug Fix Advisory: MTV 2.5.5 Images",
    "tracking": {
      "current_release_date": "2025-11-25T10:21:30+00:00",
      "generator": {
        "date": "2025-11-25T10:21:30+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHBA-2024:0928",
      "initial_release_date": "2024-02-20T15:58:35+00:00",
      "revision_history": [
        {
          "date": "2024-02-20T15:58:35+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-02-20T15:58:35+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-25T10:21:30+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "8Base-MTV-2.5",
                "product": {
                  "name": "8Base-MTV-2.5",
                  "product_id": "9Base-MTV-2.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.5::el9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "8Base-MTV-2.5",
                "product": {
                  "name": "8Base-MTV-2.5",
                  "product_id": "8Base-MTV-2.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.5::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Migration Toolkit for Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-api-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-console-plugin-rhel9\u0026tag=2.5.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-api-rhel8\u0026tag=2.5.5-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-rhel8\u0026tag=2.5.5-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-openstack-populator-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle\u0026tag=2.5.5-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-rhel8-operator\u0026tag=2.5.5-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-ova-provider-server-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-populator-controller-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-rhv-populator-rhel8\u0026tag=2.5.5-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8\u0026tag=2.5.5-6"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
        "relates_to_product_reference": "8Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
        "relates_to_product_reference": "8Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
        "relates_to_product_reference": "8Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
        "relates_to_product_reference": "8Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
        "relates_to_product_reference": "8Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-26159",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2024-01-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2256413"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An Improper Input Validation flaw was found in follow-redirects due to the improper handling of URLs by the url.parse() function. When a new URL() throws an error, it can be manipulated to misinterpret the hostname. This issue could allow an attacker to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "follow-redirects is a transitive dependency of Grafana, and does not affect Red Hat Enterprise Linux 8.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-20: Improper Input Validation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat enforces the principle of least functionality, ensuring that only essential features, services, and ports are enabled. This minimizes the number of components that could be affected by input validation vulnerabilities. Security testing and evaluation standards are implemented within the environment to rigorously test input validation mechanisms during the development lifecycle, while static code analysis identifies potential input validation vulnerabilities by default. Process isolation ensures that processes handling potentially malicious or unvalidated inputs run in isolated environments by separating execution domains for each process. Malicious code protections, such as IPS/IDS and antimalware solutions, help detect and mitigate malicious payloads stemming from input validation vulnerabilities. Finally, robust input validation and error-handling mechanisms ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks further.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64"
        ],
        "known_not_affected": [
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26159"
        },
        {
          "category": "external",
          "summary": "RHBZ#2256413",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256413"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26159",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26159",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26159"
        }
      ],
      "release_date": "2024-01-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-20T15:58:35+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\n        https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHBA-2024:0928"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()"
    },
    {
      "cve": "CVE-2024-21484",
      "cwe": {
        "id": "CWE-203",
        "name": "Observable Discrepancy"
      },
      "discovery_date": "2024-01-22T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2259531"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jsrsasign, which is vulnerable to an observable discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. This flaw allows an attacker to decrypt ciphertexts. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jsrsasign: vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64"
        ],
        "known_not_affected": [
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-21484"
        },
        {
          "category": "external",
          "summary": "RHBZ#2259531",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259531"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21484",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21484"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21484",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21484"
        },
        {
          "category": "external",
          "summary": "https://github.com/kjur/jsrsasign/issues/598",
          "url": "https://github.com/kjur/jsrsasign/issues/598"
        },
        {
          "category": "external",
          "summary": "https://github.com/kjur/jsrsasign/releases/tag/11.0.0",
          "url": "https://github.com/kjur/jsrsasign/releases/tag/11.0.0"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734",
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733",
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732",
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731",
          "url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731"
        }
      ],
      "release_date": "2024-01-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-20T15:58:35+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\n        https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHBA-2024:0928"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jsrsasign: vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process"
    }
  ]
}

RHBA-2024_0928

Vulnerability from csaf_redhat - Published: 2024-02-20 15:58 - Updated: 2024-12-16 18:54

Summary

Red Hat Bug Fix Advisory: MTV 2.5.5 Images

Notes

Topic

Updated Release packages that fix several bugs and add various enhancements are now available.

Details

Migration Toolkit for Virtualization 2.5.5 Images

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Release packages that fix several bugs and add various enhancements are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Migration Toolkit for Virtualization 2.5.5 Images",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHBA-2024:0928",
        "url": "https://access.redhat.com/errata/RHBA-2024:0928"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhba-2024_0928.json"
      }
    ],
    "title": "Red Hat Bug Fix Advisory: MTV 2.5.5 Images",
    "tracking": {
      "current_release_date": "2024-12-16T18:54:01+00:00",
      "generator": {
        "date": "2024-12-16T18:54:01+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHBA-2024:0928",
      "initial_release_date": "2024-02-20T15:58:35+00:00",
      "revision_history": [
        {
          "date": "2024-02-20T15:58:35+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-02-20T15:58:35+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-16T18:54:01+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "8Base-MTV-2.5",
                "product": {
                  "name": "8Base-MTV-2.5",
                  "product_id": "9Base-MTV-2.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.5::el9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "8Base-MTV-2.5",
                "product": {
                  "name": "8Base-MTV-2.5",
                  "product_id": "8Base-MTV-2.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.5::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Migration Toolkit for Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-api-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-console-plugin-rhel9\u0026tag=2.5.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-api-rhel8\u0026tag=2.5.5-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-rhel8\u0026tag=2.5.5-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-openstack-populator-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle\u0026tag=2.5.5-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-rhel8-operator\u0026tag=2.5.5-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-ova-provider-server-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-populator-controller-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-rhv-populator-rhel8\u0026tag=2.5.5-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8\u0026tag=2.5.5-6"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
        "relates_to_product_reference": "8Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
        "relates_to_product_reference": "8Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
        "relates_to_product_reference": "8Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
        "relates_to_product_reference": "8Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
        "relates_to_product_reference": "8Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-26159",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2024-01-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2256413"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An Improper Input Validation flaw was found in follow-redirects due to the improper handling of URLs by the url.parse() function. When a new URL() throws an error, it can be manipulated to misinterpret the hostname. This issue could allow an attacker to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "follow-redirects is a transitive dependency of Grafana, and does not affect Red Hat Enterprise Linux 8.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64"
        ],
        "known_not_affected": [
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26159"
        },
        {
          "category": "external",
          "summary": "RHBZ#2256413",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256413"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26159",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26159",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26159"
        }
      ],
      "release_date": "2024-01-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-20T15:58:35+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\n        https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHBA-2024:0928"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()"
    },
    {
      "cve": "CVE-2024-21484",
      "cwe": {
        "id": "CWE-203",
        "name": "Observable Discrepancy"
      },
      "discovery_date": "2024-01-22T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2259531"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jsrsasign, which is vulnerable to an observable discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. This flaw allows an attacker to decrypt ciphertexts. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jsrsasign: vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64"
        ],
        "known_not_affected": [
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-21484"
        },
        {
          "category": "external",
          "summary": "RHBZ#2259531",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259531"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21484",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21484"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21484",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21484"
        },
        {
          "category": "external",
          "summary": "https://github.com/kjur/jsrsasign/issues/598",
          "url": "https://github.com/kjur/jsrsasign/issues/598"
        },
        {
          "category": "external",
          "summary": "https://github.com/kjur/jsrsasign/releases/tag/11.0.0",
          "url": "https://github.com/kjur/jsrsasign/releases/tag/11.0.0"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734",
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733",
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732",
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731",
          "url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731"
        }
      ],
      "release_date": "2024-01-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-20T15:58:35+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\n        https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHBA-2024:0928"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jsrsasign: vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process"
    }
  ]
}

GHSA-RH63-9QCF-83GF

Vulnerability from github – Published: 2024-01-19 15:06 – Updated: 2024-02-27 19:23

Summary

Marvin Attack of RSA and RSAOAEP decryption in jsrsasign

Details

Impact

RSA PKCS#1.5 or RSAOAEP ciphertexts may be decrypted by this Marvin attack vulnerability.

Patches

update to jsrsasign 11.0.0.

Workarounds

Find and replace RSA and RSAOAEP decryption with other crypto library.

References

https://people.redhat.com/~hkario/marvin/ https://github.com/kjur/jsrsasign/issues/598 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21484

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "jsrsasign"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "11.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-21484"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-19T15:06:07Z",
    "nvd_published_at": "2024-01-22T05:15:08Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nRSA PKCS#1.5 or RSAOAEP ciphertexts may be decrypted by this Marvin attack vulnerability.\n\n### Patches\nupdate to jsrsasign 11.0.0.\n\n### Workarounds\nFind and replace RSA and RSAOAEP decryption with other crypto library.\n\n### References\nhttps://people.redhat.com/~hkario/marvin/\nhttps://github.com/kjur/jsrsasign/issues/598\nhttps://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21484",
  "id": "GHSA-rh63-9qcf-83gf",
  "modified": "2024-02-27T19:23:58Z",
  "published": "2024-01-19T15:06:07Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/kjur/jsrsasign/security/advisories/GHSA-rh63-9qcf-83gf"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21484"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kjur/jsrsasign/issues/598"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kjur/jsrsasign"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kjur/jsrsasign/releases/tag/11.0.0"
    },
    {
      "type": "WEB",
      "url": "https://people.redhat.com/~hkario/marvin"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Marvin Attack of RSA and RSAOAEP decryption in jsrsasign"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-21484 (GCVE-0-2024-21484)

GSD-2024-21484

FKIE_CVE-2024-21484

RHBA-2024:0928

RHBA-2024_0928

GHSA-RH63-9QCF-83GF

Impact

Patches

Workarounds

References

Tags

Sightings

Nomenclature