cvelistv5 - CVE-2024-21484

URL	Tags
report@snyk.io	https://github.com/kjur/jsrsasign/issues/598	Exploit, Issue Tracking, Vendor Advisory
report@snyk.io	https://github.com/kjur/jsrsasign/releases/tag/11.0.0	Patch, Release Notes
report@snyk.io	https://people.redhat.com/~hkario/marvin/
report@snyk.io	https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734	Patch, Third Party Advisory
report@snyk.io	https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733	Patch, Third Party Advisory
report@snyk.io	https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732	Patch, Third Party Advisory
report@snyk.io	https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731	Patch, Third Party Advisory

▼	Vendor	Product
	n/a	jsrsasign
	n/a	org.webjars.npm:jsrsasign
	n/a	org.webjars.bowergithub.kjur:jsrsasign
	n/a	org.webjars.bower:jsrsasign

ghsa-rh63-9qcf-83gf

Vulnerability from github

Published

2024-01-19 15:06

Modified

2024-02-27 19:23

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L

Summary

Marvin Attack of RSA and RSAOAEP decryption in jsrsasign

Details

Impact

RSA PKCS#1.5 or RSAOAEP ciphertexts may be decrypted by this Marvin attack vulnerability.

Patches

update to jsrsasign 11.0.0.

Workarounds

Find and replace RSA and RSAOAEP decryption with other crypto library.

References

https://people.redhat.com/~hkario/marvin/ https://github.com/kjur/jsrsasign/issues/598 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21484

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "jsrsasign"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "11.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-21484"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-19T15:06:07Z",
    "nvd_published_at": "2024-01-22T05:15:08Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nRSA PKCS#1.5 or RSAOAEP ciphertexts may be decrypted by this Marvin attack vulnerability.\n\n### Patches\nupdate to jsrsasign 11.0.0.\n\n### Workarounds\nFind and replace RSA and RSAOAEP decryption with other crypto library.\n\n### References\nhttps://people.redhat.com/~hkario/marvin/\nhttps://github.com/kjur/jsrsasign/issues/598\nhttps://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21484",
  "id": "GHSA-rh63-9qcf-83gf",
  "modified": "2024-02-27T19:23:58Z",
  "published": "2024-01-19T15:06:07Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/kjur/jsrsasign/security/advisories/GHSA-rh63-9qcf-83gf"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21484"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kjur/jsrsasign/issues/598"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kjur/jsrsasign"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kjur/jsrsasign/releases/tag/11.0.0"
    },
    {
      "type": "WEB",
      "url": "https://people.redhat.com/~hkario/marvin"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Marvin Attack of RSA and RSAOAEP decryption in jsrsasign"
}

gsd-2024-21484

Vulnerability from gsd

Modified

2023-12-23 06:02

Details

Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting this vulnerability. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key. Workaround This vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library.

Aliases

CVE-2024-21484

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-21484"
      ],
      "details": "Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting this vulnerability. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.\r\r Workaround \r\rThis vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library.",
      "id": "GSD-2024-21484",
      "modified": "2023-12-23T06:02:09.508178Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "report@snyk.io",
        "ID": "CVE-2024-21484",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "jsrsasign",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "11.0.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "org.webjars.npm:jsrsasign",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "*"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "org.webjars.bowergithub.kjur:jsrsasign",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "*"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "org.webjars.bower:jsrsasign",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "*"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Hubert Kario"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.\r\r Workaround \r\rThe vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-203",
                "lang": "eng",
                "value": "Observable Discrepancy"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731",
            "refsource": "MISC",
            "url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731"
          },
          {
            "name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732",
            "refsource": "MISC",
            "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732"
          },
          {
            "name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733",
            "refsource": "MISC",
            "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733"
          },
          {
            "name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734",
            "refsource": "MISC",
            "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734"
          },
          {
            "name": "https://github.com/kjur/jsrsasign/issues/598",
            "refsource": "MISC",
            "url": "https://github.com/kjur/jsrsasign/issues/598"
          },
          {
            "name": "https://github.com/kjur/jsrsasign/releases/tag/11.0.0",
            "refsource": "MISC",
            "url": "https://github.com/kjur/jsrsasign/releases/tag/11.0.0"
          },
          {
            "name": "https://people.redhat.com/~hkario/marvin/",
            "refsource": "MISC",
            "url": "https://people.redhat.com/~hkario/marvin/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:jsrsasign_project:jsrsasign:*:*:*:*:*:node.js:*:*",
                    "matchCriteriaId": "4651F559-5FE3-40F1-94FD-355954307381",
                    "versionEndExcluding": "11.0.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.\r\r Workaround \r\rThe vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library."
          },
          {
            "lang": "es",
            "value": "Las versiones del paquete jsrsasign anteriores a 11.0.0 son vulnerables a la discrepancia observable a trav\u00e9s del proceso de descifrado RSA PKCS1.5 o RSAOAEP. Un atacante puede descifrar textos cifrados aprovechando esta vulnerabilidad. Explotar esta vulnerabilidad requiere que el atacante tenga acceso a una gran cantidad de textos cifrados con la misma clave. Workaround esta vulnerabilidad se puede mitigar buscando y reemplazando el descifrado RSA y RSAOAEP con otra librer\u00eda criptogr\u00e1fica."
          }
        ],
        "id": "CVE-2024-21484",
        "lastModified": "2024-03-06T14:15:47.533",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.2,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L",
                "version": "3.1"
              },
              "exploitabilityScore": 2.2,
              "impactScore": 4.7,
              "source": "report@snyk.io",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-01-22T05:15:08.720",
        "references": [
          {
            "source": "report@snyk.io",
            "tags": [
              "Exploit",
              "Issue Tracking",
              "Vendor Advisory"
            ],
            "url": "https://github.com/kjur/jsrsasign/issues/598"
          },
          {
            "source": "report@snyk.io",
            "tags": [
              "Patch",
              "Release Notes"
            ],
            "url": "https://github.com/kjur/jsrsasign/releases/tag/11.0.0"
          },
          {
            "source": "report@snyk.io",
            "url": "https://people.redhat.com/~hkario/marvin/"
          },
          {
            "source": "report@snyk.io",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734"
          },
          {
            "source": "report@snyk.io",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733"
          },
          {
            "source": "report@snyk.io",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732"
          },
          {
            "source": "report@snyk.io",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731"
          }
        ],
        "sourceIdentifier": "report@snyk.io",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-203"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-203"
              }
            ],
            "source": "report@snyk.io",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

rhba-2024_0928

Vulnerability from csaf_redhat

Published

2024-02-20 15:58

Modified

2024-10-14 15:12

Summary

Red Hat Bug Fix Advisory: MTV 2.5.5 Images

Notes

Topic

Updated Release packages that fix several bugs and add various enhancements are now available.

Details

Migration Toolkit for Virtualization 2.5.5 Images

Terms of Use

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Release packages that fix several bugs and add various enhancements are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Migration Toolkit for Virtualization 2.5.5 Images",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHBA-2024:0928",
        "url": "https://access.redhat.com/errata/RHBA-2024:0928"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhba-2024_0928.json"
      }
    ],
    "title": "Red Hat Bug Fix Advisory: MTV 2.5.5 Images",
    "tracking": {
      "current_release_date": "2024-10-14T15:12:35+00:00",
      "generator": {
        "date": "2024-10-14T15:12:35+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.0.1"
        }
      },
      "id": "RHBA-2024:0928",
      "initial_release_date": "2024-02-20T15:58:35+00:00",
      "revision_history": [
        {
          "date": "2024-02-20T15:58:35+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-02-20T15:58:35+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-10-14T15:12:35+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "8Base-MTV-2.5",
                "product": {
                  "name": "8Base-MTV-2.5",
                  "product_id": "9Base-MTV-2.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.5::el9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "8Base-MTV-2.5",
                "product": {
                  "name": "8Base-MTV-2.5",
                  "product_id": "8Base-MTV-2.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.5::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Migration Toolkit for Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-api-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-console-plugin-rhel9\u0026tag=2.5.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-api-rhel8\u0026tag=2.5.5-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-rhel8\u0026tag=2.5.5-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-openstack-populator-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle\u0026tag=2.5.5-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-rhel8-operator\u0026tag=2.5.5-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-ova-provider-server-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-populator-controller-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-rhv-populator-rhel8\u0026tag=2.5.5-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8\u0026tag=2.5.5-6"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
        "relates_to_product_reference": "8Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
        "relates_to_product_reference": "8Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
        "relates_to_product_reference": "8Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
        "relates_to_product_reference": "8Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
        "relates_to_product_reference": "8Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-26159",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2024-01-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2256413"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An Improper Input Validation flaw was found in follow-redirects due to the improper handling of URLs by the url.parse() function. When a new URL() throws an error, it can be manipulated to misinterpret the hostname. This issue could allow an attacker to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "follow-redirects is a transitive dependency of Grafana, and does not affect Red Hat Enterprise Linux 8.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64"
        ],
        "known_not_affected": [
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26159"
        },
        {
          "category": "external",
          "summary": "RHBZ#2256413",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256413"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26159",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26159",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26159"
        }
      ],
      "release_date": "2024-01-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\n        https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHBA-2024:0928"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()"
    },
    {
      "cve": "CVE-2024-21484",
      "cwe": {
        "id": "CWE-203",
        "name": "Observable Discrepancy"
      },
      "discovery_date": "2024-01-22T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2259531"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jsrsasign, which is vulnerable to an observable discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. This flaw allows an attacker to decrypt ciphertexts. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jsrsasign: vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64"
        ],
        "known_not_affected": [
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-21484"
        },
        {
          "category": "external",
          "summary": "RHBZ#2259531",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259531"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21484",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21484"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21484",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21484"
        },
        {
          "category": "external",
          "summary": "https://github.com/kjur/jsrsasign/issues/598",
          "url": "https://github.com/kjur/jsrsasign/issues/598"
        },
        {
          "category": "external",
          "summary": "https://github.com/kjur/jsrsasign/releases/tag/11.0.0",
          "url": "https://github.com/kjur/jsrsasign/releases/tag/11.0.0"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734",
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733",
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732",
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731",
          "url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731"
        }
      ],
      "release_date": "2024-01-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\n        https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHBA-2024:0928"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jsrsasign: vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process"
    }
  ]
}

Action not permitted

CVE-2024-21484

Vulnerability from cvelistv5

ghsa-rh63-9qcf-83gf

Vulnerability from github

Impact

Patches

Workarounds

References

gsd-2024-21484

Vulnerability from gsd

rhba-2024_0928

Vulnerability from csaf_redhat

Tags