Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-22234 (GCVE-0-2024-22234)
Vulnerability from cvelistv5 – Published: 2024-02-20 07:02 – Updated: 2025-02-13 17:33
VLAI?
EPSS
Title
CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
Summary
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method.
Specifically, an application is vulnerable if:
* The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value.
An application is not vulnerable if any of the following is true:
* The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly.
* The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated
* The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html
Severity ?
7.4 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Security |
Affected:
6.1.x , < 6.1.7
(6.1.7)
Affected: 6.2.x , < 6.2.2 (6.2.2) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vmware:spring_security:6.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "spring_security",
"vendor": "vmware",
"versions": [
{
"lessThan": "6.1.7",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:spring_security:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "spring_security",
"vendor": "vmware",
"versions": [
{
"lessThan": "6.2.2",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22234",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T19:46:52.509563Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T17:21:05.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:33.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://spring.io/security/cve-2024-22234"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240315-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Security",
"vendor": "Spring",
"versions": [
{
"lessThan": "6.1.7",
"status": "affected",
"version": "6.1.x",
"versionType": "6.1.7"
},
{
"lessThan": "6.2.2",
"status": "affected",
"version": "6.2.x",
"versionType": "6.2.2"
}
]
}
],
"datePublic": "2024-02-19T08:59:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the \u003ccode\u003eAuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u003c/code\u003e\u0026nbsp;method.\u003c/p\u003e\u003cp\u003eSpecifically, an application is vulnerable if:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe application uses \u003ccode\u003eAuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u003c/code\u003e\u0026nbsp;directly and a \u003ccode\u003enull\u003c/code\u003e\u0026nbsp;authentication parameter is passed to it resulting in an erroneous \u003ccode\u003etrue\u003c/code\u003e\u0026nbsp;return value.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAn application is not vulnerable if any of the following is true:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe application does not use \u003ccode\u003eAuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u003c/code\u003e\u0026nbsp;directly.\u003c/li\u003e\u003cli\u003eThe application does not pass \u003ccode\u003enull\u003c/code\u003e\u0026nbsp;to \u003ccode\u003eAuthenticationTrustResolver.isFullyAuthenticated\u003c/code\u003e\u003c/li\u003e\u003cli\u003eThe application only uses \u003ccode\u003eisFullyAuthenticated\u003c/code\u003e\u0026nbsp;via \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html\"\u003eMethod Security\u003c/a\u003e\u0026nbsp;or \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html\"\u003eHTTP Request Security\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0method.\n\nSpecifically, an application is vulnerable if:\n\n * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly and a null\u00a0authentication parameter is passed to it resulting in an erroneous true\u00a0return value.\n\n\nAn application is not vulnerable if any of the following is true:\n\n * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly.\n * The application does not pass null\u00a0to AuthenticationTrustResolver.isFullyAuthenticated\n * The application only uses isFullyAuthenticated\u00a0via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html \u00a0or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T11:06:18.496Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2024-22234"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240315-0003/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-22234",
"datePublished": "2024-02-20T07:02:50.873Z",
"dateReserved": "2024-01-08T16:40:16.141Z",
"dateUpdated": "2025-02-13T17:33:37.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\\u00a0method.\\n\\nSpecifically, an application is vulnerable if:\\n\\n * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\\u00a0directly and a null\\u00a0authentication parameter is passed to it resulting in an erroneous true\\u00a0return value.\\n\\n\\nAn application is not vulnerable if any of the following is true:\\n\\n * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\\u00a0directly.\\n * The application does not pass null\\u00a0to AuthenticationTrustResolver.isFullyAuthenticated\\n * The application only uses isFullyAuthenticated\\u00a0via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html \\u00a0or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html \\n\\n\\n\\n\"}, {\"lang\": \"es\", \"value\": \"En Spring Security, versiones 6.1.x anteriores a 6.1.7 y versiones 6.2.x anteriores a 6.2.2, una aplicaci\\u00f3n es vulnerable a un control de acceso roto cuando utiliza directamente el m\\u00e9todo AuthenticationTrustResolver.isFullyAuthenticated(Authentication). Espec\\u00edficamente, una aplicaci\\u00f3n es vulnerable si: * La aplicaci\\u00f3n usa AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directamente y se le pasa un par\\u00e1metro de autenticaci\\u00f3n nulo, lo que genera un valor de retorno verdadero err\\u00f3neo. Una aplicaci\\u00f3n no es vulnerable si se cumple alguna de las siguientes condiciones: * La aplicaci\\u00f3n no utiliza AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directamente. * La aplicaci\\u00f3n no pasa nulo a AuthenticationTrustResolver.isFullyAuthenticated * La aplicaci\\u00f3n solo usa isFullyAuthenticated a trav\\u00e9s de Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html o HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html\"}]",
"id": "CVE-2024-22234",
"lastModified": "2024-11-21T08:55:51.493",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security@vmware.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.2}]}",
"published": "2024-02-20T07:15:09.967",
"references": "[{\"url\": \"https://security.netapp.com/advisory/ntap-20240315-0003/\", \"source\": \"security@vmware.com\"}, {\"url\": \"https://spring.io/security/cve-2024-22234\", \"source\": \"security@vmware.com\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240315-0003/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://spring.io/security/cve-2024-22234\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-22234\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2024-02-20T07:15:09.967\",\"lastModified\":\"2025-04-02T20:10:31.627\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0method.\\n\\nSpecifically, an application is vulnerable if:\\n\\n * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly and a null\u00a0authentication parameter is passed to it resulting in an erroneous true\u00a0return value.\\n\\n\\nAn application is not vulnerable if any of the following is true:\\n\\n * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly.\\n * The application does not pass null\u00a0to AuthenticationTrustResolver.isFullyAuthenticated\\n * The application only uses isFullyAuthenticated\u00a0via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html \u00a0or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html\"},{\"lang\":\"es\",\"value\":\"En Spring Security, versiones 6.1.x anteriores a 6.1.7 y versiones 6.2.x anteriores a 6.2.2, una aplicaci\u00f3n es vulnerable a un control de acceso roto cuando utiliza directamente el m\u00e9todo AuthenticationTrustResolver.isFullyAuthenticated(Authentication). Espec\u00edficamente, una aplicaci\u00f3n es vulnerable si: * La aplicaci\u00f3n usa AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directamente y se le pasa un par\u00e1metro de autenticaci\u00f3n nulo, lo que genera un valor de retorno verdadero err\u00f3neo. Una aplicaci\u00f3n no es vulnerable si se cumple alguna de las siguientes condiciones: * La aplicaci\u00f3n no utiliza AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directamente. * La aplicaci\u00f3n no pasa nulo a AuthenticationTrustResolver.isFullyAuthenticated * La aplicaci\u00f3n solo usa isFullyAuthenticated a trav\u00e9s de Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html o HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.0\",\"versionEndExcluding\":\"6.1.7\",\"matchCriteriaId\":\"564058EB-83BD-4201-92DE-0E1AE03010C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.0\",\"versionEndExcluding\":\"6.2.2\",\"matchCriteriaId\":\"00671E75-D41E-4F65-9F61-5F6DEDAA0D5A\"}]}]}],\"references\":[{\"url\":\"https://security.netapp.com/advisory/ntap-20240315-0003/\",\"source\":\"security@vmware.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://spring.io/security/cve-2024-22234\",\"source\":\"security@vmware.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240315-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://spring.io/security/cve-2024-22234\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://spring.io/security/cve-2024-22234\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240315-0003/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:43:33.656Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-22234\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-21T19:46:52.509563Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:vmware:spring_security:6.1.0:*:*:*:*:*:*:*\"], \"vendor\": \"vmware\", \"product\": \"spring_security\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.1.0\", \"lessThan\": \"6.1.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:a:vmware:spring_security:6.2.0:*:*:*:*:*:*:*\"], \"vendor\": \"vmware\", \"product\": \"spring_security\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.2.0\", \"lessThan\": \"6.2.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284 Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-26T17:20:13.341Z\"}}], \"cna\": {\"title\": \"CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Spring\", \"product\": \"Spring Security\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.1.x\", \"lessThan\": \"6.1.7\", \"versionType\": \"6.1.7\"}, {\"status\": \"affected\", \"version\": \"6.2.x\", \"lessThan\": \"6.2.2\", \"versionType\": \"6.2.2\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2024-02-19T08:59:00.000Z\", \"references\": [{\"url\": \"https://spring.io/security/cve-2024-22234\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240315-0003/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\\u00a0method.\\n\\nSpecifically, an application is vulnerable if:\\n\\n * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\\u00a0directly and a null\\u00a0authentication parameter is passed to it resulting in an erroneous true\\u00a0return value.\\n\\n\\nAn application is not vulnerable if any of the following is true:\\n\\n * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\\u00a0directly.\\n * The application does not pass null\\u00a0to AuthenticationTrustResolver.isFullyAuthenticated\\n * The application only uses isFullyAuthenticated\\u00a0via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html \\u00a0or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html \\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIn Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the \u003ccode\u003eAuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u003c/code\u003e\u0026nbsp;method.\u003c/p\u003e\u003cp\u003eSpecifically, an application is vulnerable if:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe application uses \u003ccode\u003eAuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u003c/code\u003e\u0026nbsp;directly and a \u003ccode\u003enull\u003c/code\u003e\u0026nbsp;authentication parameter is passed to it resulting in an erroneous \u003ccode\u003etrue\u003c/code\u003e\u0026nbsp;return value.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAn application is not vulnerable if any of the following is true:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe application does not use \u003ccode\u003eAuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u003c/code\u003e\u0026nbsp;directly.\u003c/li\u003e\u003cli\u003eThe application does not pass \u003ccode\u003enull\u003c/code\u003e\u0026nbsp;to \u003ccode\u003eAuthenticationTrustResolver.isFullyAuthenticated\u003c/code\u003e\u003c/li\u003e\u003cli\u003eThe application only uses \u003ccode\u003eisFullyAuthenticated\u003c/code\u003e\u0026nbsp;via \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html\\\"\u003eMethod Security\u003c/a\u003e\u0026nbsp;or \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html\\\"\u003eHTTP Request Security\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"shortName\": \"vmware\", \"dateUpdated\": \"2024-02-20T07:02:50.873Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-22234\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T22:43:33.656Z\", \"dateReserved\": \"2024-01-08T16:40:16.141Z\", \"assignerOrgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"datePublished\": \"2024-02-20T07:02:50.873Z\", \"assignerShortName\": \"vmware\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2024-AVI-0147
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Spring Security. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Spring Security versions 6.1.x ant\u00e9rieures \u00e0 6.1.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Spring Security versions 6.2.x ant\u00e9rieures \u00e0 6.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Spring",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-22234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22234"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0147",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eSpring\nSecurity\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Spring Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Spring CVE-2024-22234 du 19 f\u00e9vrier 2024",
"url": "https://spring.io/security/cve-2024-22234/"
}
]
}
CERTFR-2024-AVI-0147
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Spring Security. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Spring Security versions 6.1.x ant\u00e9rieures \u00e0 6.1.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Spring Security versions 6.2.x ant\u00e9rieures \u00e0 6.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Spring",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-22234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22234"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0147",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eSpring\nSecurity\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Spring Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Spring CVE-2024-22234 du 19 f\u00e9vrier 2024",
"url": "https://spring.io/security/cve-2024-22234/"
}
]
}
CERTFR-2024-AVI-0305
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Sterling Connect:Direct pour UNIX versions 6.1.0.x antérieures à 6.1.0.4.iFix104
- Sterling Connect:Direct pour UNIX versions 6.0.0.x antérieures à 6.0.0.2.iFix163
- Sterling Connect:Direct FTP+ versions antérieures à 1.3.0 sans le correctif de sécurité iFix026
- QRadar App SDK versions 2.2.x antérieures à 2.2.1
- QRadar Deployment Intelligence App versions antérieures à 3.0.13
- Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.20.0
- QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP8 IF01
- QRadar Suite Software versions 1.10.12.x antérieures à 1.10.20.0
- WebSphere Application Server Liberty versions postérieures à 21.0.0.2 et antérieures à 24.0.0.4
- WebSphere Application Server versions 9.x antérieures à 9.0.5.19
- WebSphere Application Server versions postérieures à 8.5.5.2 antérieures à 8.5.5.26
- Sterling B2B Integrator versions 6.0.x.x à 6.1.x.x antérieures à 6.1.2.5
- Sterling B2B Integrator versions 6.2.x.x antérieures à 6.2.0.1
Se référer aux bulletin de l'éditeur pour les versions des fichiers vulnérables (cf. section Documentation).
Impacted products
| Vendor | Product | Description |
|---|
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eSterling Connect:Direct pour UNIX versions 6.1.0.x ant\u00e9rieures \u00e0\u00a06.1.0.4.iFix104\u003c/li\u003e \u003cli\u003eSterling Connect:Direct pour UNIX versions 6.0.0.x ant\u00e9rieures \u00e0 6.0.0.2.iFix163\u003c/li\u003e \u003cli\u003eSterling Connect:Direct FTP+ versions ant\u00e9rieures \u00e0 1.3.0 sans le correctif de s\u00e9curit\u00e9 iFix026\u003c/li\u003e \u003cli\u003eQRadar App SDK versions 2.2.x ant\u00e9rieures \u00e0 2.2.1\u003c/li\u003e \u003cli\u003eQRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.13\u003c/li\u003e \u003cli\u003eCloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.20.0\u003c/li\u003e \u003cli\u003eQRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP8 IF01\u003c/li\u003e \u003cli\u003eQRadar Suite Software versions 1.10.12.x ant\u00e9rieures \u00e0 1.10.20.0\u003c/li\u003e \u003cli\u003eWebSphere Application Server Liberty versions post\u00e9rieures \u00e0 21.0.0.2 et ant\u00e9rieures \u00e0 24.0.0.4\u003c/li\u003e \u003cli\u003eWebSphere Application Server versions 9.x ant\u00e9rieures \u00e0 9.0.5.19\u003c/li\u003e \u003cli\u003eWebSphere Application Server versions post\u00e9rieures \u00e0 8.5.5.2 ant\u00e9rieures \u00e0 8.5.5.26\u003c/li\u003e \u003cli\u003eSterling B2B Integrator versions 6.0.x.x \u00e0 6.1.x.x ant\u00e9rieures \u00e0 6.1.2.5\u003c/li\u003e \u003cli\u003eSterling B2B Integrator versions 6.2.x.x ant\u00e9rieures \u00e0 6.2.0.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eSe r\u00e9f\u00e9rer aux bulletin de l\u0027\u00e9diteur pour les versions des fichiers vuln\u00e9rables (cf. section Documentation).\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"name": "CVE-2023-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2023-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-22361",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22361"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2023-42669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2012-0881",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0881"
},
{
"name": "CVE-2019-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13224"
},
{
"name": "CVE-2023-34968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34968"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2019-19204",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19204"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2021-22696",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22696"
},
{
"name": "CVE-2023-42795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
},
{
"name": "CVE-2023-28487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2023-6135",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6135"
},
{
"name": "CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2020-28241",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28241"
},
{
"name": "CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2022-46363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
},
{
"name": "CVE-2023-34967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34967"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2021-41043",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41043"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2023-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1786"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2021-30468",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30468"
},
{
"name": "CVE-2024-26130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26130"
},
{
"name": "CVE-2019-19203",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19203"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2022-48560",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2023-42794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42794"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2022-3094",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3094"
},
{
"name": "CVE-2022-41721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
},
{
"name": "CVE-2022-42920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
},
{
"name": "CVE-2022-23437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23437"
},
{
"name": "CVE-2023-42465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42465"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2021-33194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
},
{
"name": "CVE-2024-20932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2011-4969",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4969"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2022-46329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46329"
},
{
"name": "CVE-2023-34966",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34966"
},
{
"name": "CVE-2023-26604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26604"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2023-46589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46589"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2017-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
},
{
"name": "CVE-2023-28486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
},
{
"name": "CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2012-6708",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6708"
},
{
"name": "CVE-2022-2127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2127"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2019-19012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19012"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2024-22234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22234"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0305",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147813 du 09 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147813"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148062 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148062"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147943 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147943"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147903 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147903"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148094 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148094"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148151 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148151"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148066 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148066"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148158 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148158"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147727 du 08 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147727"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148065 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148065"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148068 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148068"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147728 du 08 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147728"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147944 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147944"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147726 du 08 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147726"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147923 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147923"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147812 du 09 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147812"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148063 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148063"
}
]
}
CERTFR-2024-AVI-0305
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Sterling Connect:Direct pour UNIX versions 6.1.0.x antérieures à 6.1.0.4.iFix104
- Sterling Connect:Direct pour UNIX versions 6.0.0.x antérieures à 6.0.0.2.iFix163
- Sterling Connect:Direct FTP+ versions antérieures à 1.3.0 sans le correctif de sécurité iFix026
- QRadar App SDK versions 2.2.x antérieures à 2.2.1
- QRadar Deployment Intelligence App versions antérieures à 3.0.13
- Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.20.0
- QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP8 IF01
- QRadar Suite Software versions 1.10.12.x antérieures à 1.10.20.0
- WebSphere Application Server Liberty versions postérieures à 21.0.0.2 et antérieures à 24.0.0.4
- WebSphere Application Server versions 9.x antérieures à 9.0.5.19
- WebSphere Application Server versions postérieures à 8.5.5.2 antérieures à 8.5.5.26
- Sterling B2B Integrator versions 6.0.x.x à 6.1.x.x antérieures à 6.1.2.5
- Sterling B2B Integrator versions 6.2.x.x antérieures à 6.2.0.1
Se référer aux bulletin de l'éditeur pour les versions des fichiers vulnérables (cf. section Documentation).
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eSterling Connect:Direct pour UNIX versions 6.1.0.x ant\u00e9rieures \u00e0\u00a06.1.0.4.iFix104\u003c/li\u003e \u003cli\u003eSterling Connect:Direct pour UNIX versions 6.0.0.x ant\u00e9rieures \u00e0 6.0.0.2.iFix163\u003c/li\u003e \u003cli\u003eSterling Connect:Direct FTP+ versions ant\u00e9rieures \u00e0 1.3.0 sans le correctif de s\u00e9curit\u00e9 iFix026\u003c/li\u003e \u003cli\u003eQRadar App SDK versions 2.2.x ant\u00e9rieures \u00e0 2.2.1\u003c/li\u003e \u003cli\u003eQRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.13\u003c/li\u003e \u003cli\u003eCloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.20.0\u003c/li\u003e \u003cli\u003eQRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP8 IF01\u003c/li\u003e \u003cli\u003eQRadar Suite Software versions 1.10.12.x ant\u00e9rieures \u00e0 1.10.20.0\u003c/li\u003e \u003cli\u003eWebSphere Application Server Liberty versions post\u00e9rieures \u00e0 21.0.0.2 et ant\u00e9rieures \u00e0 24.0.0.4\u003c/li\u003e \u003cli\u003eWebSphere Application Server versions 9.x ant\u00e9rieures \u00e0 9.0.5.19\u003c/li\u003e \u003cli\u003eWebSphere Application Server versions post\u00e9rieures \u00e0 8.5.5.2 ant\u00e9rieures \u00e0 8.5.5.26\u003c/li\u003e \u003cli\u003eSterling B2B Integrator versions 6.0.x.x \u00e0 6.1.x.x ant\u00e9rieures \u00e0 6.1.2.5\u003c/li\u003e \u003cli\u003eSterling B2B Integrator versions 6.2.x.x ant\u00e9rieures \u00e0 6.2.0.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eSe r\u00e9f\u00e9rer aux bulletin de l\u0027\u00e9diteur pour les versions des fichiers vuln\u00e9rables (cf. section Documentation).\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"name": "CVE-2023-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2023-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-22361",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22361"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2023-42669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2012-0881",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0881"
},
{
"name": "CVE-2019-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13224"
},
{
"name": "CVE-2023-34968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34968"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2019-19204",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19204"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2021-22696",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22696"
},
{
"name": "CVE-2023-42795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
},
{
"name": "CVE-2023-28487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2023-6135",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6135"
},
{
"name": "CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2020-28241",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28241"
},
{
"name": "CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2022-46363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
},
{
"name": "CVE-2023-34967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34967"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2021-41043",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41043"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2023-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1786"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2021-30468",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30468"
},
{
"name": "CVE-2024-26130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26130"
},
{
"name": "CVE-2019-19203",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19203"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2022-48560",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2023-42794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42794"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2022-3094",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3094"
},
{
"name": "CVE-2022-41721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
},
{
"name": "CVE-2022-42920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
},
{
"name": "CVE-2022-23437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23437"
},
{
"name": "CVE-2023-42465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42465"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2021-33194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
},
{
"name": "CVE-2024-20932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2011-4969",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4969"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2022-46329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46329"
},
{
"name": "CVE-2023-34966",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34966"
},
{
"name": "CVE-2023-26604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26604"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2023-46589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46589"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2017-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
},
{
"name": "CVE-2023-28486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
},
{
"name": "CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2012-6708",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6708"
},
{
"name": "CVE-2022-2127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2127"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2019-19012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19012"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2024-22234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22234"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0305",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147813 du 09 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147813"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148062 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148062"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147943 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147943"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147903 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147903"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148094 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148094"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148151 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148151"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148066 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148066"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148158 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148158"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147727 du 08 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147727"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148065 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148065"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148068 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148068"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147728 du 08 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147728"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147944 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147944"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147726 du 08 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147726"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147923 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147923"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147812 du 09 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147812"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148063 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148063"
}
]
}
NCSC-2024-0294
Vulnerability from csaf_ncscnl - Published: 2024-07-17 13:52 - Updated: 2024-07-17 13:52Summary
Kwetsbaarheden verholpen in Oracle Communications
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Er zijn kwetsbaarheden verholpen in Oracle Communications.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
* Denial-of-Service (DoS)
* Toegang tot gevoelige gegevens
* Toegang tot systeemgegevens
* Manipulatie van gegevens
* (Remote) code execution (Gebruikersrechten)
Oplossingen
Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.
Kans
medium
Schade
high
CWE-681
Incorrect Conversion between Numeric Types
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-787
Out-of-bounds Write
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-918
Server-Side Request Forgery (SSRF)
CWE-192
Integer Coercion Error
CWE-20
Improper Input Validation
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-222
Truncation of Security-relevant Information
CWE-284
Improper Access Control
CWE-295
Improper Certificate Validation
CWE-345
Insufficient Verification of Data Authenticity
CWE-352
Cross-Site Request Forgery (CSRF)
CWE-390
Detection of Error Condition Without Action
CWE-400
Uncontrolled Resource Consumption
CWE-404
Improper Resource Shutdown or Release
CWE-405
Asymmetric Resource Consumption (Amplification)
CWE-416
Use After Free
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-450
Multiple Interpretations of UI Input
CWE-459
Incomplete Cleanup
CWE-476
NULL Pointer Dereference
CWE-502
Deserialization of Untrusted Data
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Er zijn kwetsbaarheden verholpen in Oracle Communications.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* (Remote) code execution (Gebruikersrechten)",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Incorrect Conversion between Numeric Types",
"title": "CWE-681"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"title": "CWE-88"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "Integer Coercion Error",
"title": "CWE-192"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Insufficient Verification of Data Authenticity",
"title": "CWE-345"
},
{
"category": "general",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
},
{
"category": "general",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Asymmetric Resource Consumption (Amplification)",
"title": "CWE-405"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "general",
"text": "Multiple Interpretations of UI Input",
"title": "CWE-450"
},
{
"category": "general",
"text": "Incomplete Cleanup",
"title": "CWE-459"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29425"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41184"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42890"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48174"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37920"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46589"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51775"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52425"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0450"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22019"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22234"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22257"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22262"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23672"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23807"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23897"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24549"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25062"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26130"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27316"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28752"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2961"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34064"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34069"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6162"
},
{
"category": "external",
"summary": "Reference - oracle",
"url": "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; ibm; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Communications",
"tracking": {
"current_release_date": "2024-07-17T13:52:53.293003Z",
"id": "NCSC-2024-0294",
"initial_release_date": "2024-07-17T13:52:53.293003Z",
"revision_history": [
{
"date": "2024-07-17T13:52:53.293003Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "communications_asap",
"product": {
"name": "communications_asap",
"product_id": "CSAFPID-204629",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_asap",
"product": {
"name": "communications_asap",
"product_id": "CSAFPID-816792",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10086",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-204629",
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2019-10086",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-10086.json"
}
],
"title": "CVE-2019-10086"
},
{
"cve": "CVE-2021-29425",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"product_status": {
"known_affected": [
"CSAFPID-204629",
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-29425",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-29425.json"
}
],
"title": "CVE-2021-29425"
},
{
"cve": "CVE-2021-37533",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-37533",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-37533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2021-37533"
},
{
"cve": "CVE-2021-41184",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-204629",
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-41184",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-41184.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-204629",
"CSAFPID-816792"
]
}
],
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2022-34169",
"cwe": {
"id": "CWE-192",
"name": "Integer Coercion Error"
},
"notes": [
{
"category": "other",
"text": "Integer Coercion Error",
"title": "CWE-192"
},
{
"category": "other",
"text": "Incorrect Conversion between Numeric Types",
"title": "CWE-681"
}
],
"product_status": {
"known_affected": [
"CSAFPID-204629",
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-34169",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-34169.json"
}
],
"title": "CVE-2022-34169"
},
{
"cve": "CVE-2022-36033",
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-36033",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36033.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2022-36033"
},
{
"cve": "CVE-2022-42890",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-42890",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42890.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2022-42890"
},
{
"cve": "CVE-2022-48174",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-48174",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-48174.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2022-48174"
},
{
"cve": "CVE-2023-5685",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5685",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5685.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-5685"
},
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-24998",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-24998.json"
}
],
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-33201",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-33201",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33201.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-33201"
},
{
"cve": "CVE-2023-37920",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "other",
"text": "Insufficient Verification of Data Authenticity",
"title": "CWE-345"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-37920",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37920.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-37920"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-44487",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json"
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-46589",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46589",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46589.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "other",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-48795",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-51775",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-51775",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51775.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-51775"
},
{
"cve": "CVE-2023-52425",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-52425",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2024-0450",
"cwe": {
"id": "CWE-450",
"name": "Multiple Interpretations of UI Input"
},
"notes": [
{
"category": "other",
"text": "Multiple Interpretations of UI Input",
"title": "CWE-450"
},
{
"category": "other",
"text": "Asymmetric Resource Consumption (Amplification)",
"title": "CWE-405"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-0450",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0450.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-0450"
},
{
"cve": "CVE-2024-2961",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2961",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2961.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-2961"
},
{
"cve": "CVE-2024-6162",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6162",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6162.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-6162"
},
{
"cve": "CVE-2024-22019",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22019",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22019.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22019"
},
{
"cve": "CVE-2024-22201",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22201",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22201"
},
{
"cve": "CVE-2024-22234",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22234",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22234.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22234"
},
{
"cve": "CVE-2024-22257",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22257",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22257.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22257"
},
{
"cve": "CVE-2024-22262",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22262",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22262"
},
{
"cve": "CVE-2024-23672",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "other",
"text": "Incomplete Cleanup",
"title": "CWE-459"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23672",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-23672"
},
{
"cve": "CVE-2024-23807",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23807",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-23807"
},
{
"cve": "CVE-2024-23897",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"title": "CWE-88"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23897",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23897.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-23897"
},
{
"cve": "CVE-2024-24549",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-24549",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-25062",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-25062",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-25710",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-25710",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25710.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-25710"
},
{
"cve": "CVE-2024-26130",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-26130",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26130.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-26130"
},
{
"cve": "CVE-2024-26308",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-26308",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-26308"
},
{
"cve": "CVE-2024-27316",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-27316",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27316.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-27316"
},
{
"cve": "CVE-2024-28182",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28182",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-28752",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28752",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28752.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-28752"
},
{
"cve": "CVE-2024-28849",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28849",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-28849"
},
{
"cve": "CVE-2024-29025",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29025",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json"
}
],
"title": "CVE-2024-29025"
},
{
"cve": "CVE-2024-34064",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-34064",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34064.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-34064"
},
{
"cve": "CVE-2024-34069",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "other",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-34069",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34069.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-34069"
}
]
}
WID-SEC-W-2024-0417
Vulnerability from csaf_certbund - Published: 2024-02-18 23:00 - Updated: 2024-07-01 22:00Summary
VMware Tanzu Spring Security: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Spring Security ist ein Framework, das Authentifizierung, Autorisierung und Schutz vor gängigen Angriffen bietet.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in VMware Tanzu Spring Security ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Spring Security ist ein Framework, das Authentifizierung, Autorisierung und Schutz vor g\u00e4ngigen Angriffen bietet.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in VMware Tanzu Spring Security ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0417 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0417.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0417 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0417"
},
{
"category": "external",
"summary": "Spring Security Advisories vom 2024-02-18",
"url": "https://spring.io/security/cve-2024-22234"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3550 vom 2024-06-03",
"url": "https://access.redhat.com/errata/RHSA-2024:3550"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2024-133 vom 2024-07-02",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-133/index.html"
}
],
"source_lang": "en-US",
"title": "VMware Tanzu Spring Security: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2024-07-01T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:05:23.795+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-0417",
"initial_release_date": "2024-02-18T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-02-18T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-06-03T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-01T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von HITACHI aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T017562",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.1.7",
"product": {
"name": "VMware Tanzu Spring Security \u003c6.1.7",
"product_id": "T032889"
}
},
{
"category": "product_version_range",
"name": "\u003c6.2.2",
"product": {
"name": "VMware Tanzu Spring Security \u003c6.2.2",
"product_id": "T032890"
}
}
],
"category": "product_name",
"name": "Spring Security"
}
],
"category": "vendor",
"name": "VMware Tanzu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-22234",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in VMware Tanzu Spring Security. Die Ursache ist eine fehlerhafte Zugriffskontrolle, wenn die Methode AuthenticationTrustResolver.isFullyAuthenticated(Authentication) direkt verwendet wird. Ein Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"T017562"
]
},
"release_date": "2024-02-18T23:00:00.000+00:00",
"title": "CVE-2024-22234"
}
]
}
WID-SEC-W-2024-1642
Vulnerability from csaf_certbund - Published: 2024-07-16 22:00 - Updated: 2024-11-20 23:00Summary
Oracle Communications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Communications umfasst branchenspezifische L\u00f6sungen f\u00fcr die Telekommunikationsbranche.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1642 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1642.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1642 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1642"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - July 2024 - Appendix Oracle Communications vom 2024-07-16",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html#AppendixCGBU"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6016 vom 2024-09-05",
"url": "https://access.redhat.com/errata/RHSA-2024:6016"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9975 vom 2024-11-21",
"url": "https://access.redhat.com/errata/RHSA-2024:9975"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9976 vom 2024-11-21",
"url": "https://access.redhat.com/errata/RHSA-2024:9976"
}
],
"source_lang": "en-US",
"title": "Oracle Communications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-11-20T23:00:00.000+00:00",
"generator": {
"date": "2024-11-21T13:09:50.776+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-1642",
"initial_release_date": "2024-07-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-07-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-09-05T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-20T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "23.1.0",
"product": {
"name": "Oracle Communications 23.1.0",
"product_id": "T027326",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.1.0"
}
}
},
{
"category": "product_version",
"name": "12.6.1.0.0",
"product": {
"name": "Oracle Communications 12.6.1.0.0",
"product_id": "T027338",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:12.6.1.0.0"
}
}
},
{
"category": "product_version",
"name": "5.1",
"product": {
"name": "Oracle Communications 5.1",
"product_id": "T028684",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:5.1"
}
}
},
{
"category": "product_version",
"name": "15.0.0.0.0",
"product": {
"name": "Oracle Communications 15.0.0.0.0",
"product_id": "T032090",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:15.0.0.0.0"
}
}
},
{
"category": "product_version",
"name": "23.4.0",
"product": {
"name": "Oracle Communications 23.4.0",
"product_id": "T032091",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.4.0"
}
}
},
{
"category": "product_version",
"name": "23.4.1",
"product": {
"name": "Oracle Communications 23.4.1",
"product_id": "T034143",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.4.1"
}
}
},
{
"category": "product_version",
"name": "23.4.2",
"product": {
"name": "Oracle Communications 23.4.2",
"product_id": "T034144",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.4.2"
}
}
},
{
"category": "product_version",
"name": "24.1.0",
"product": {
"name": "Oracle Communications 24.1.0",
"product_id": "T034145",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:24.1.0"
}
}
},
{
"category": "product_version",
"name": "5.2",
"product": {
"name": "Oracle Communications 5.2",
"product_id": "T034146",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:5.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=23.4.3",
"product": {
"name": "Oracle Communications \u003c=23.4.3",
"product_id": "T036195"
}
},
{
"category": "product_version_range",
"name": "\u003c=23.4.3",
"product": {
"name": "Oracle Communications \u003c=23.4.3",
"product_id": "T036195-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=23.4.4",
"product": {
"name": "Oracle Communications \u003c=23.4.4",
"product_id": "T036196"
}
},
{
"category": "product_version_range",
"name": "\u003c=23.4.4",
"product": {
"name": "Oracle Communications \u003c=23.4.4",
"product_id": "T036196-fixed"
}
},
{
"category": "product_version",
"name": "24.2.0",
"product": {
"name": "Oracle Communications 24.2.0",
"product_id": "T036197",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:24.2.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=8.6.0.8",
"product": {
"name": "Oracle Communications \u003c=8.6.0.8",
"product_id": "T036198"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.6.0.8",
"product": {
"name": "Oracle Communications \u003c=8.6.0.8",
"product_id": "T036198-fixed"
}
},
{
"category": "product_version",
"name": "46.6.4",
"product": {
"name": "Oracle Communications 46.6.4",
"product_id": "T036199",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:46.6.4"
}
}
},
{
"category": "product_version",
"name": "46.6.5",
"product": {
"name": "Oracle Communications 46.6.5",
"product_id": "T036200",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:46.6.5"
}
}
},
{
"category": "product_version",
"name": "12.11.3",
"product": {
"name": "Oracle Communications 12.11.3",
"product_id": "T036201",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:12.11.3"
}
}
},
{
"category": "product_version",
"name": "12.11.4",
"product": {
"name": "Oracle Communications 12.11.4",
"product_id": "T036202",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:12.11.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=8.6.0.6",
"product": {
"name": "Oracle Communications \u003c=8.6.0.6",
"product_id": "T036203"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.6.0.6",
"product": {
"name": "Oracle Communications \u003c=8.6.0.6",
"product_id": "T036203-fixed"
}
},
{
"category": "product_version",
"name": "10.5",
"product": {
"name": "Oracle Communications 10.5",
"product_id": "T036204",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:10.5"
}
}
},
{
"category": "product_version",
"name": "4.1.0",
"product": {
"name": "Oracle Communications 4.1.0",
"product_id": "T036205",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:4.1.0"
}
}
},
{
"category": "product_version",
"name": "4.2.0",
"product": {
"name": "Oracle Communications 4.2.0",
"product_id": "T036206",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:4.2.0"
}
}
},
{
"category": "product_version",
"name": "9.2.0",
"product": {
"name": "Oracle Communications 9.2.0",
"product_id": "T036207",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:9.2.0"
}
}
},
{
"category": "product_version",
"name": "9.3.0",
"product": {
"name": "Oracle Communications 9.3.0",
"product_id": "T036208",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:9.3.0"
}
}
},
{
"category": "product_version",
"name": "12.11.0",
"product": {
"name": "Oracle Communications 12.11.0",
"product_id": "T036209",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:12.11.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=9.0.3",
"product": {
"name": "Oracle Communications \u003c=9.0.3",
"product_id": "T036210"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.0.3",
"product": {
"name": "Oracle Communications \u003c=9.0.3",
"product_id": "T036210-fixed"
}
}
],
"category": "product_name",
"name": "Communications"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10086",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2019-10086"
},
{
"cve": "CVE-2021-29425",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2021-29425"
},
{
"cve": "CVE-2021-37533",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2021-37533"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2022-34169",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2022-34169"
},
{
"cve": "CVE-2022-36033",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2022-36033"
},
{
"cve": "CVE-2022-42890",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2022-42890"
},
{
"cve": "CVE-2022-48174",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2022-48174"
},
{
"cve": "CVE-2023-24998",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-33201",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-33201"
},
{
"cve": "CVE-2023-37920",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-37920"
},
{
"cve": "CVE-2023-44487",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-46589",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2023-48795",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-51775",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-51775"
},
{
"cve": "CVE-2023-52425",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2023-5685",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-5685"
},
{
"cve": "CVE-2024-0450",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-0450"
},
{
"cve": "CVE-2024-22019",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22019"
},
{
"cve": "CVE-2024-22201",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22201"
},
{
"cve": "CVE-2024-22234",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22234"
},
{
"cve": "CVE-2024-22257",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22257"
},
{
"cve": "CVE-2024-22262",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22262"
},
{
"cve": "CVE-2024-23672",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-23672"
},
{
"cve": "CVE-2024-23807",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-23807"
},
{
"cve": "CVE-2024-23897",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-23897"
},
{
"cve": "CVE-2024-24549",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-25062",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-25710",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-25710"
},
{
"cve": "CVE-2024-26130",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-26130"
},
{
"cve": "CVE-2024-26308",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-26308"
},
{
"cve": "CVE-2024-27316",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-27316"
},
{
"cve": "CVE-2024-28182",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-28752",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-28752"
},
{
"cve": "CVE-2024-28849",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-28849"
},
{
"cve": "CVE-2024-29025",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-29025"
},
{
"cve": "CVE-2024-2961",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-2961"
},
{
"cve": "CVE-2024-34064",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-34064"
},
{
"cve": "CVE-2024-34069",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-34069"
},
{
"cve": "CVE-2024-6162",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-6162"
}
]
}
FKIE_CVE-2024-22234
Vulnerability from fkie_nvd - Published: 2024-02-20 07:15 - Updated: 2025-04-02 20:10
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method.
Specifically, an application is vulnerable if:
* The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value.
An application is not vulnerable if any of the following is true:
* The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly.
* The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated
* The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://security.netapp.com/advisory/ntap-20240315-0003/ | Third Party Advisory | |
| security@vmware.com | https://spring.io/security/cve-2024-22234 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240315-0003/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://spring.io/security/cve-2024-22234 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | spring_security | * | |
| vmware | spring_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "564058EB-83BD-4201-92DE-0E1AE03010C1",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00671E75-D41E-4F65-9F61-5F6DEDAA0D5A",
"versionEndExcluding": "6.2.2",
"versionStartIncluding": "6.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0method.\n\nSpecifically, an application is vulnerable if:\n\n * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly and a null\u00a0authentication parameter is passed to it resulting in an erroneous true\u00a0return value.\n\n\nAn application is not vulnerable if any of the following is true:\n\n * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly.\n * The application does not pass null\u00a0to AuthenticationTrustResolver.isFullyAuthenticated\n * The application only uses isFullyAuthenticated\u00a0via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html \u00a0or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html"
},
{
"lang": "es",
"value": "En Spring Security, versiones 6.1.x anteriores a 6.1.7 y versiones 6.2.x anteriores a 6.2.2, una aplicaci\u00f3n es vulnerable a un control de acceso roto cuando utiliza directamente el m\u00e9todo AuthenticationTrustResolver.isFullyAuthenticated(Authentication). Espec\u00edficamente, una aplicaci\u00f3n es vulnerable si: * La aplicaci\u00f3n usa AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directamente y se le pasa un par\u00e1metro de autenticaci\u00f3n nulo, lo que genera un valor de retorno verdadero err\u00f3neo. Una aplicaci\u00f3n no es vulnerable si se cumple alguna de las siguientes condiciones: * La aplicaci\u00f3n no utiliza AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directamente. * La aplicaci\u00f3n no pasa nulo a AuthenticationTrustResolver.isFullyAuthenticated * La aplicaci\u00f3n solo usa isFullyAuthenticated a trav\u00e9s de Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html o HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html"
}
],
"id": "CVE-2024-22234",
"lastModified": "2025-04-02T20:10:31.627",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-20T07:15:09.967",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240315-0003/"
},
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://spring.io/security/cve-2024-22234"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240315-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://spring.io/security/cve-2024-22234"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GSD-2024-22234
Vulnerability from gsd - Updated: 2024-01-09 06:02Details
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method.
Specifically, an application is vulnerable if:
* The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value.
An application is not vulnerable if any of the following is true:
* The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly.
* The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated
* The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-22234"
],
"details": "In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0method.\n\nSpecifically, an application is vulnerable if:\n\n * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly and a null\u00a0authentication parameter is passed to it resulting in an erroneous true\u00a0return value.\n\n\nAn application is not vulnerable if any of the following is true:\n\n * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly.\n * The application does not pass null\u00a0to AuthenticationTrustResolver.isFullyAuthenticated\n * The application only uses isFullyAuthenticated\u00a0via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html \u00a0or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html \n\n\n\n",
"id": "GSD-2024-22234",
"modified": "2024-01-09T06:02:15.313448Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2024-22234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Security",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.1.x",
"version_value": "6.1.7"
},
{
"version_affected": "\u003c",
"version_name": "6.2.x",
"version_value": "6.2.2"
}
]
}
}
]
},
"vendor_name": "Spring"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0method.\n\nSpecifically, an application is vulnerable if:\n\n * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly and a null\u00a0authentication parameter is passed to it resulting in an erroneous true\u00a0return value.\n\n\nAn application is not vulnerable if any of the following is true:\n\n * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly.\n * The application does not pass null\u00a0to AuthenticationTrustResolver.isFullyAuthenticated\n * The application only uses isFullyAuthenticated\u00a0via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html \u00a0or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html \n\n\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://spring.io/security/cve-2024-22234",
"refsource": "MISC",
"url": "https://spring.io/security/cve-2024-22234"
},
{
"name": "https://security.netapp.com/advisory/ntap-20240315-0003/",
"refsource": "MISC",
"url": "https://security.netapp.com/advisory/ntap-20240315-0003/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0method.\n\nSpecifically, an application is vulnerable if:\n\n * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly and a null\u00a0authentication parameter is passed to it resulting in an erroneous true\u00a0return value.\n\n\nAn application is not vulnerable if any of the following is true:\n\n * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly.\n * The application does not pass null\u00a0to AuthenticationTrustResolver.isFullyAuthenticated\n * The application only uses isFullyAuthenticated\u00a0via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html \u00a0or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html \n\n\n\n"
},
{
"lang": "es",
"value": "En Spring Security, versiones 6.1.x anteriores a 6.1.7 y versiones 6.2.x anteriores a 6.2.2, una aplicaci\u00f3n es vulnerable a un control de acceso roto cuando utiliza directamente el m\u00e9todo AuthenticationTrustResolver.isFullyAuthenticated(Authentication). Espec\u00edficamente, una aplicaci\u00f3n es vulnerable si: * La aplicaci\u00f3n usa AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directamente y se le pasa un par\u00e1metro de autenticaci\u00f3n nulo, lo que genera un valor de retorno verdadero err\u00f3neo. Una aplicaci\u00f3n no es vulnerable si se cumple alguna de las siguientes condiciones: * La aplicaci\u00f3n no utiliza AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directamente. * La aplicaci\u00f3n no pasa nulo a AuthenticationTrustResolver.isFullyAuthenticated * La aplicaci\u00f3n solo usa isFullyAuthenticated a trav\u00e9s de Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html o HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html"
}
],
"id": "CVE-2024-22234",
"lastModified": "2024-03-15T11:15:08.857",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "security@vmware.com",
"type": "Secondary"
}
]
},
"published": "2024-02-20T07:15:09.967",
"references": [
{
"source": "security@vmware.com",
"url": "https://security.netapp.com/advisory/ntap-20240315-0003/"
},
{
"source": "security@vmware.com",
"url": "https://spring.io/security/cve-2024-22234"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Awaiting Analysis"
}
}
}
}
RHSA-2024:3550
Vulnerability from csaf_redhat - Published: 2024-06-03 11:52 - Updated: 2025-11-25 15:58Summary
Red Hat Security Advisory: HawtIO 4.0.0 for Red Hat build of Apache Camel 4 Release and security update.
Notes
Topic
HawtIO 4.0.0 for Red Hat build of Apache Camel 4 GA Release is now available.
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
HawtIO 4.0.0 for Red Hat build of Apache Camel 4 GA Release is now available.
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.
* spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated (TRIAGE CVE-2024-22234)
* nodejs-ip: arbitrary code execution via the isPublic() function (TRIAGE CVE-2023-42282)
* jose4j: denial of service via specially crafted JWE (TRIAGE CVE-2023-51775)
* netty-codec-http: Allocation of Resources Without Limits or Throttling (TRIAGE CVE-2024-29025)
* follow-redirects: Possible credential leak (TRIAGE CVE-2024-28849)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "HawtIO 4.0.0 for Red Hat build of Apache Camel 4 GA Release is now available.\n\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "HawtIO 4.0.0 for Red Hat build of Apache Camel 4 GA Release is now available.\n\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.\n\n* spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated (TRIAGE CVE-2024-22234)\n\n* nodejs-ip: arbitrary code execution via the isPublic() function (TRIAGE CVE-2023-42282)\n\n* jose4j: denial of service via specially crafted JWE (TRIAGE CVE-2023-51775)\n\n* netty-codec-http: Allocation of Resources Without Limits or Throttling (TRIAGE CVE-2024-29025)\n\n* follow-redirects: Possible credential leak (TRIAGE CVE-2024-28849)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3550",
"url": "https://access.redhat.com/errata/RHSA-2024:3550"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2265161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161"
},
{
"category": "external",
"summary": "2265172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265172"
},
{
"category": "external",
"summary": "2266921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266921"
},
{
"category": "external",
"summary": "2269576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576"
},
{
"category": "external",
"summary": "2272907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3550.json"
}
],
"title": "Red Hat Security Advisory: HawtIO 4.0.0 for Red Hat build of Apache Camel 4 Release and security update.",
"tracking": {
"current_release_date": "2025-11-25T15:58:04+00:00",
"generator": {
"date": "2025-11-25T15:58:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:3550",
"initial_release_date": "2024-06-03T11:52:35+00:00",
"revision_history": [
{
"date": "2024-06-03T11:52:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-06-03T11:52:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-25T15:58:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "HawtIO 4.0.0 for Red Hat build of Apache Camel 4",
"product": {
"name": "HawtIO 4.0.0 for Red Hat build of Apache Camel 4",
"product_id": "HawtIO 4.0.0 for Red Hat build of Apache Camel 4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhboac_hawtio:4.0.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Build of Apache Camel"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42282",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2265161"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic() function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to normally inaccessible resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-ip: arbitrary code execution via the isPublic() function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "It appears that npm does not utilize the bundled code therefore Red Hat Enterprise Linux is not affected by this vulnerability.\n\nWhile the vulnerability in the NPM IP Package presents a significant security concern, it\u0027s categorized as important rather than critical due to several factors. Firstly, the misclassification of the private IP address 0x7f.1 as public by the isPublic() function does not directly lead to remote code execution or unauthorized access to critical systems. Instead, it facilitates SSRF attacks, which typically require additional conditions to fully exploit, such as the ability to influence server-side requests and responses. Additionally, the impact of SSRF attacks can vary depending on the specific environment and configuration of the affected system. While SSRF attacks can potentially lead to data exposure, service disruption, or lateral movement within a network, their severity is often mitigated by factors such as network segmentation, access controls, and the availability of sensitive resources.\n\nRed Hat Developer Hub contains a fix in 1.1-91 version.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42282"
},
{
"category": "external",
"summary": "RHBZ#2265161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282"
},
{
"category": "external",
"summary": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html",
"url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-03T11:52:35+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3550"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs-ip: arbitrary code execution via the isPublic() function"
},
{
"cve": "CVE-2023-51775",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2266921"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jose.4.j (jose4j) library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down the key derivation function, making password brute-force and dictionary attacks more resource-intensive. However, if an attacker sets the p2c parameter in JWE to a large number, it can cause high computational consumption, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jose4j: denial of service via specially crafted JWE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in the jose4j library, where the \"p2c\" parameter in PBKDF2-based JWE key management algorithms can be manipulated to induce high computational consumption, is classified as moderate severity due to its potential impact on service availability and resource exhaustion. By setting a large value for \"p2c\", an attacker can force the server to perform an excessive number of PBKDF2 iterations during key derivation. This results in increased CPU and memory usage, potentially leading to degraded performance or temporary denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-51775"
},
{
"category": "external",
"summary": "RHBZ#2266921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266921"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-51775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51775"
}
],
"release_date": "2024-02-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-03T11:52:35+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3550"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jose4j: denial of service via specially crafted JWE"
},
{
"cve": "CVE-2024-22234",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2024-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2265172"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Spring Security. This issue may lead to Broken Access Control, allowing a malicious user to impact the Confidentiality and Integrity of an application or server. This requires the application to use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and have a null authentication parameter passed to it, resulting in an erroneous true return value.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as a Moderate impact since it requires the malicious user to have knowledge of how a server implements the authentication resolver from Spring Security. A validation is also suggested to make sure there are no null parameters and no erroneous true is triggered from this method.\n\nAn application is not vulnerable if any of the following are true:\n- The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly\n- The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated\n- The application only uses isFullyAuthenticated via Method Security or HTTP Request Security",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-22234"
},
{
"category": "external",
"summary": "RHBZ#2265172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265172"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-22234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22234"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22234",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22234"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2024-22234",
"url": "https://spring.io/security/cve-2024-22234"
}
],
"release_date": "2024-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-03T11:52:35+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3550"
},
{
"category": "workaround",
"details": "Make sure the application is not vulnerable according to the description bullet points mentioned in this page.",
"product_ids": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated"
},
{
"cve": "CVE-2024-28849",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-03-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2269576"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: Possible credential leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-28849"
},
{
"category": "external",
"summary": "RHBZ#2269576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp"
}
],
"release_date": "2024-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-03T11:52:35+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3550"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "follow-redirects: Possible credential leak"
},
{
"cve": "CVE-2024-29025",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-04-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2272907"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec-http: Allocation of Resources Without Limits or Throttling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in io.netty:netty-codec-http, allowing for Allocation of Resources Without Limits or Throttling issues, is assessed as moderate severity due to its potential impact on system availability and performance. By exploiting the flaw in HttpPostRequestDecoder, an attacker can craft chunked POST requests with numerous small fields, causing excessive accumulation of data in memory buffers. This unrestricted accumulation can lead to significant memory consumption on the server, potentially exhausting available resources and resulting in denial of service (DoS) conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29025"
},
{
"category": "external",
"summary": "RHBZ#2272907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
},
{
"category": "external",
"summary": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3",
"url": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c",
"url": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v",
"url": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812"
}
],
"release_date": "2024-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-03T11:52:35+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3550"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec-http: Allocation of Resources Without Limits or Throttling"
}
]
}
RHSA-2024_3550
Vulnerability from csaf_redhat - Published: 2024-06-03 11:52 - Updated: 2024-12-17 20:53Summary
Red Hat Security Advisory: HawtIO 4.0.0 for Red Hat build of Apache Camel 4 Release and security update.
Notes
Topic
HawtIO 4.0.0 for Red Hat build of Apache Camel 4 GA Release is now available.
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
HawtIO 4.0.0 for Red Hat build of Apache Camel 4 GA Release is now available.
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.
* spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated (TRIAGE CVE-2024-22234)
* nodejs-ip: arbitrary code execution via the isPublic() function (TRIAGE CVE-2023-42282)
* jose4j: denial of service via specially crafted JWE (TRIAGE CVE-2023-51775)
* netty-codec-http: Allocation of Resources Without Limits or Throttling (TRIAGE CVE-2024-29025)
* follow-redirects: Possible credential leak (TRIAGE CVE-2024-28849)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "HawtIO 4.0.0 for Red Hat build of Apache Camel 4 GA Release is now available.\n\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "HawtIO 4.0.0 for Red Hat build of Apache Camel 4 GA Release is now available.\n\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.\n\n* spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated (TRIAGE CVE-2024-22234)\n\n* nodejs-ip: arbitrary code execution via the isPublic() function (TRIAGE CVE-2023-42282)\n\n* jose4j: denial of service via specially crafted JWE (TRIAGE CVE-2023-51775)\n\n* netty-codec-http: Allocation of Resources Without Limits or Throttling (TRIAGE CVE-2024-29025)\n\n* follow-redirects: Possible credential leak (TRIAGE CVE-2024-28849)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3550",
"url": "https://access.redhat.com/errata/RHSA-2024:3550"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2265161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161"
},
{
"category": "external",
"summary": "2265172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265172"
},
{
"category": "external",
"summary": "2266921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266921"
},
{
"category": "external",
"summary": "2269576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576"
},
{
"category": "external",
"summary": "2272907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3550.json"
}
],
"title": "Red Hat Security Advisory: HawtIO 4.0.0 for Red Hat build of Apache Camel 4 Release and security update.",
"tracking": {
"current_release_date": "2024-12-17T20:53:41+00:00",
"generator": {
"date": "2024-12-17T20:53:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:3550",
"initial_release_date": "2024-06-03T11:52:35+00:00",
"revision_history": [
{
"date": "2024-06-03T11:52:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-06-03T11:52:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T20:53:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "HawtIO 4.0.0 for Red Hat build of Apache Camel 4",
"product": {
"name": "HawtIO 4.0.0 for Red Hat build of Apache Camel 4",
"product_id": "HawtIO 4.0.0 for Red Hat build of Apache Camel 4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhboac_hawtio:4.0.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Build of Apache Camel"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42282",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2265161"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic() function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to normally inaccessible resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-ip: arbitrary code execution via the isPublic() function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "It appears that npm does not utilize the bundled code therefore Red Hat Enterprise Linux is not affected by this vulnerability.\n\nWhile the vulnerability in the NPM IP Package presents a significant security concern, it\u0027s categorized as important rather than critical due to several factors. Firstly, the misclassification of the private IP address 0x7f.1 as public by the isPublic() function does not directly lead to remote code execution or unauthorized access to critical systems. Instead, it facilitates SSRF attacks, which typically require additional conditions to fully exploit, such as the ability to influence server-side requests and responses. Additionally, the impact of SSRF attacks can vary depending on the specific environment and configuration of the affected system. While SSRF attacks can potentially lead to data exposure, service disruption, or lateral movement within a network, their severity is often mitigated by factors such as network segmentation, access controls, and the availability of sensitive resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42282"
},
{
"category": "external",
"summary": "RHBZ#2265161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282"
},
{
"category": "external",
"summary": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html",
"url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-03T11:52:35+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3550"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs-ip: arbitrary code execution via the isPublic() function"
},
{
"cve": "CVE-2023-51775",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2266921"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jose.4.j (jose4j) library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down the key derivation function, making password brute-force and dictionary attacks more resource-intensive. However, if an attacker sets the p2c parameter in JWE to a large number, it can cause high computational consumption, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jose4j: denial of service via specially crafted JWE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in the jose4j library, where the \"p2c\" parameter in PBKDF2-based JWE key management algorithms can be manipulated to induce high computational consumption, is classified as moderate severity due to its potential impact on service availability and resource exhaustion. By setting a large value for \"p2c\", an attacker can force the server to perform an excessive number of PBKDF2 iterations during key derivation. This results in increased CPU and memory usage, potentially leading to degraded performance or temporary denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-51775"
},
{
"category": "external",
"summary": "RHBZ#2266921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266921"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-51775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51775"
}
],
"release_date": "2024-02-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-03T11:52:35+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3550"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jose4j: denial of service via specially crafted JWE"
},
{
"cve": "CVE-2024-22234",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2024-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2265172"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Spring Security. This issue may lead to Broken Access Control, allowing a malicious user to impact the Confidentiality and Integrity of an application or server. This requires the application to use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and have a null authentication parameter passed to it, resulting in an erroneous true return value.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as a Moderate impact since it requires the malicious user to have knowledge of how a server implements the authentication resolver from Spring Security. A validation is also suggested to make sure there are no null parameters and no erroneous true is triggered from this method.\n\nAn application is not vulnerable if any of the following are true:\n- The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly\n- The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated\n- The application only uses isFullyAuthenticated via Method Security or HTTP Request Security",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-22234"
},
{
"category": "external",
"summary": "RHBZ#2265172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265172"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-22234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22234"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22234",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22234"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2024-22234",
"url": "https://spring.io/security/cve-2024-22234"
}
],
"release_date": "2024-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-03T11:52:35+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3550"
},
{
"category": "workaround",
"details": "Make sure the application is not vulnerable according to the description bullet points mentioned in this page.",
"product_ids": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated"
},
{
"cve": "CVE-2024-28849",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-03-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2269576"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: Possible credential leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-28849"
},
{
"category": "external",
"summary": "RHBZ#2269576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp"
}
],
"release_date": "2024-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-03T11:52:35+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3550"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "follow-redirects: Possible credential leak"
},
{
"cve": "CVE-2024-29025",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-04-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2272907"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec-http: Allocation of Resources Without Limits or Throttling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in io.netty:netty-codec-http, allowing for Allocation of Resources Without Limits or Throttling issues, is assessed as moderate severity due to its potential impact on system availability and performance. By exploiting the flaw in HttpPostRequestDecoder, an attacker can craft chunked POST requests with numerous small fields, causing excessive accumulation of data in memory buffers. This unrestricted accumulation can lead to significant memory consumption on the server, potentially exhausting available resources and resulting in denial of service (DoS) conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29025"
},
{
"category": "external",
"summary": "RHBZ#2272907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
},
{
"category": "external",
"summary": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3",
"url": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c",
"url": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v",
"url": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812"
}
],
"release_date": "2024-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-03T11:52:35+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3550"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec-http: Allocation of Resources Without Limits or Throttling"
}
]
}
RHSA-2024_6667
Vulnerability from csaf_redhat - Published: 2024-09-12 21:30 - Updated: 2024-12-18 05:26Summary
Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.16.0 release
Notes
Topic
Red Hat OpenShift Dev Spaces 3.16 has been released.
All containers have been updated to include feature enhancements, bug fixes and CVE fixes.
Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.
Details
Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.
The 3.16 release is based on Eclipse Che 7.90 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.
Users still using the v1 standard should migrate as soon as possible.
https://devfile.io/docs/2.2.0/migrating-to-devfile-v2
Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates.
https://access.redhat.com/support/policy/updates/openshift#crw
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Dev Spaces 3.16 has been released.\n\nAll containers have been updated to include feature enhancements, bug fixes and CVE fixes.\n\nFollowing the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\n\nThe 3.16 release is based on Eclipse Che 7.90 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\n\nUsers still using the v1 standard should migrate as soon as possible.\n\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\n\nDev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. \n\nhttps://access.redhat.com/support/policy/updates/openshift#crw",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:6667",
"url": "https://access.redhat.com/errata/RHSA-2024:6667"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "CRW-6868",
"url": "https://issues.redhat.com/browse/CRW-6868"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6667.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.16.0 release",
"tracking": {
"current_release_date": "2024-12-18T05:26:37+00:00",
"generator": {
"date": "2024-12-18T05:26:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:6667",
"initial_release_date": "2024-09-12T21:30:49+00:00",
"revision_history": [
{
"date": "2024-09-12T21:30:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-09-12T21:30:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T05:26:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Dev Spaces 3",
"product": {
"name": "Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Dev Spaces"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"product": {
"name": "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"product_id": "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.16-20"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"product": {
"name": "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"product_id": "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.16-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"product": {
"name": "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"product_id": "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.16-27"
}
}
},
{
"category": "product_version",
"name": "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"product": {
"name": "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"product_id": "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8\u0026tag=3.16-67"
}
}
},
{
"category": "product_version",
"name": "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"product": {
"name": "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"product_id": "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"product_identification_helper": {
"purl": "pkg:oci/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/idea-rhel8\u0026tag=3.16-3"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"product": {
"name": "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"product_id": "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.16-3"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"product": {
"name": "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"product_id": "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.16-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"product_id": "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.16-70"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"product": {
"name": "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"product_id": "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.16-16"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"product": {
"name": "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"product_id": "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.16-11"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"product": {
"name": "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"product_id": "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.16-14"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"product": {
"name": "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"product_id": "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.16-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64",
"product": {
"name": "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64",
"product_id": "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.16-6"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"product": {
"name": "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"product_id": "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.16-20"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"product": {
"name": "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"product_id": "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.16-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"product": {
"name": "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"product_id": "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.16-27"
}
}
},
{
"category": "product_version",
"name": "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"product": {
"name": "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"product_id": "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8\u0026tag=3.16-67"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"product": {
"name": "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"product_id": "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.16-3"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"product": {
"name": "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"product_id": "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.16-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"product_id": "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.16-70"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"product": {
"name": "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"product_id": "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.16-16"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"product": {
"name": "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"product_id": "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.16-11"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"product": {
"name": "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"product_id": "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.16-14"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"product": {
"name": "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"product_id": "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.16-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"product": {
"name": "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"product_id": "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.16-6"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"product": {
"name": "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"product_id": "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.16-20"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"product": {
"name": "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"product_id": "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.16-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"product": {
"name": "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"product_id": "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.16-27"
}
}
},
{
"category": "product_version",
"name": "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"product": {
"name": "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"product_id": "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8\u0026tag=3.16-67"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"product": {
"name": "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"product_id": "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.16-3"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"product": {
"name": "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"product_id": "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.16-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"product_id": "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.16-70"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"product": {
"name": "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"product_id": "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.16-16"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"product": {
"name": "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"product_id": "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.16-11"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"product": {
"name": "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"product_id": "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.16-14"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"product": {
"name": "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"product_id": "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.16-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"product": {
"name": "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"product_id": "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.16-6"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le"
},
"product_reference": "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64"
},
"product_reference": "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x"
},
"product_reference": "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le"
},
"product_reference": "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64"
},
"product_reference": "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x"
},
"product_reference": "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64"
},
"product_reference": "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x"
},
"product_reference": "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
},
"product_reference": "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64"
},
"product_reference": "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le"
},
"product_reference": "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x"
},
"product_reference": "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x"
},
"product_reference": "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le"
},
"product_reference": "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64"
},
"product_reference": "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64"
},
"product_reference": "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64"
},
"product_reference": "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le"
},
"product_reference": "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x"
},
"product_reference": "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64"
},
"product_reference": "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le"
},
"product_reference": "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x"
},
"product_reference": "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64"
},
"product_reference": "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x"
},
"product_reference": "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le"
},
"product_reference": "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x"
},
"product_reference": "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64"
},
"product_reference": "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le"
},
"product_reference": "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x"
},
"product_reference": "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64"
},
"product_reference": "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le"
},
"product_reference": "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le"
},
"product_reference": "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x"
},
"product_reference": "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
},
"product_reference": "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-0341",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2154086"
}
],
"notes": [
{
"category": "description",
"text": "In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "okhttp: information disclosure via improperly used cryptographic function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-0341"
},
{
"category": "external",
"summary": "RHBZ#2154086",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154086"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-0341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-0341",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0341"
},
{
"category": "external",
"summary": "https://source.android.com/security/bulletin/2021-02-01",
"url": "https://source.android.com/security/bulletin/2021-02-01"
}
],
"release_date": "2021-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-12T21:30:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6667"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "okhttp: information disclosure via improperly used cryptographic function"
},
{
"cve": "CVE-2023-3635",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2229295"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SquareUp Okio. A class GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This issue may allow a malicious user to start processing a malformed file, which can result in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "okio: GzipSource class improper exception handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat JBoss Enterprise Application Platform XP does contain Okio package but is not using GzipSource.java, which is the affected class.\nRed Hat support for Spring Boot is considered low impact as it\u0027s used by Dekorate during compilation process and not included in the resulting Jar.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-3635"
},
{
"category": "external",
"summary": "RHBZ#2229295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229295"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3635"
}
],
"release_date": "2023-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-12T21:30:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6667"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "okio: GzipSource class improper exception handling"
},
{
"cve": "CVE-2024-6345",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2024-07-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2297771"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack does not include setuptools. The ImcSdk component uses it only during compile time in our build systems, and we do not support recompiling SRPMs. As a result, Red Hat OpenStack is not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-6345"
},
{
"category": "external",
"summary": "RHBZ#2297771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0",
"url": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0"
},
{
"category": "external",
"summary": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5",
"url": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5"
}
],
"release_date": "2024-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-12T21:30:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6667"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools"
},
{
"cve": "CVE-2024-22234",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2024-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2265172"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Spring Security. This issue may lead to Broken Access Control, allowing a malicious user to impact the Confidentiality and Integrity of an application or server. This requires the application to use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and have a null authentication parameter passed to it, resulting in an erroneous true return value.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as a Moderate impact since it requires the malicious user to have knowledge of how a server implements the authentication resolver from Spring Security. A validation is also suggested to make sure there are no null parameters and no erroneous true is triggered from this method.\n\nAn application is not vulnerable if any of the following are true:\n- The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly\n- The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated\n- The application only uses isFullyAuthenticated via Method Security or HTTP Request Security",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-22234"
},
{
"category": "external",
"summary": "RHBZ#2265172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265172"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-22234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22234"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22234",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22234"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2024-22234",
"url": "https://spring.io/security/cve-2024-22234"
}
],
"release_date": "2024-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-12T21:30:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6667"
},
{
"category": "workaround",
"details": "Make sure the application is not vulnerable according to the description bullet points mentioned in this page.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated"
},
{
"cve": "CVE-2024-30260",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-04-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2273522"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the nodejs-undici package. Proxy-Authorization headers are not cleared on cross-origin redirects, which can allow for the exposure of sensitive data or allow an attacker to capture the persistent proxy-authentication header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30260"
},
{
"category": "external",
"summary": "RHBZ#2273522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30260",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30260"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30260",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30260"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-12T21:30:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6667"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline"
},
{
"cve": "CVE-2024-30261",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2024-04-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2273519"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the nodejs-undici package. This issue may allow an attacker to alter the integrity option passed to fetch(), allowing fetch() to accept requests as valid even if they have been tampered with.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-undici: fetch() with integrity option is too lax when algorithm is specified but hash value is in incorrect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30261"
},
{
"category": "external",
"summary": "RHBZ#2273519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30261",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30261"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30261",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30261"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-12T21:30:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6667"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-undici: fetch() with integrity option is too lax when algorithm is specified but hash value is in incorrect"
},
{
"cve": "CVE-2024-39338",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-08-13T17:21:32.774718+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2304369"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: axios: Server-Side Request Forgery",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-39338"
},
{
"category": "external",
"summary": "RHBZ#2304369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304369"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases",
"url": "https://github.com/axios/axios/releases"
},
{
"category": "external",
"summary": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html",
"url": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html"
}
],
"release_date": "2024-08-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-12T21:30:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6667"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: axios: Server-Side Request Forgery"
}
]
}
RHSA-2024:6667
Vulnerability from csaf_redhat - Published: 2024-09-12 21:30 - Updated: 2025-12-08 19:03Summary
Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.16.0 release
Notes
Topic
Red Hat OpenShift Dev Spaces 3.16 has been released.
All containers have been updated to include feature enhancements, bug fixes and CVE fixes.
Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.
Details
Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.
The 3.16 release is based on Eclipse Che 7.90 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.
Users still using the v1 standard should migrate as soon as possible.
https://devfile.io/docs/2.2.0/migrating-to-devfile-v2
Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates.
https://access.redhat.com/support/policy/updates/openshift#crw
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Dev Spaces 3.16 has been released.\n\nAll containers have been updated to include feature enhancements, bug fixes and CVE fixes.\n\nFollowing the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\n\nThe 3.16 release is based on Eclipse Che 7.90 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\n\nUsers still using the v1 standard should migrate as soon as possible.\n\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\n\nDev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. \n\nhttps://access.redhat.com/support/policy/updates/openshift#crw",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:6667",
"url": "https://access.redhat.com/errata/RHSA-2024:6667"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "CRW-6868",
"url": "https://issues.redhat.com/browse/CRW-6868"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6667.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.16.0 release",
"tracking": {
"current_release_date": "2025-12-08T19:03:28+00:00",
"generator": {
"date": "2025-12-08T19:03:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHSA-2024:6667",
"initial_release_date": "2024-09-12T21:30:49+00:00",
"revision_history": [
{
"date": "2024-09-12T21:30:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-09-12T21:30:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-08T19:03:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Dev Spaces 3",
"product": {
"name": "Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Dev Spaces"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"product": {
"name": "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"product_id": "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.16-20"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"product": {
"name": "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"product_id": "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.16-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"product": {
"name": "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"product_id": "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.16-27"
}
}
},
{
"category": "product_version",
"name": "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"product": {
"name": "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"product_id": "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8\u0026tag=3.16-67"
}
}
},
{
"category": "product_version",
"name": "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"product": {
"name": "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"product_id": "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"product_identification_helper": {
"purl": "pkg:oci/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/idea-rhel8\u0026tag=3.16-3"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"product": {
"name": "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"product_id": "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.16-3"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"product": {
"name": "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"product_id": "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.16-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"product_id": "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.16-70"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"product": {
"name": "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"product_id": "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.16-16"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"product": {
"name": "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"product_id": "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.16-11"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"product": {
"name": "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"product_id": "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.16-14"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"product": {
"name": "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"product_id": "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.16-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64",
"product": {
"name": "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64",
"product_id": "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.16-6"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"product": {
"name": "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"product_id": "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.16-20"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"product": {
"name": "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"product_id": "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.16-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"product": {
"name": "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"product_id": "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.16-27"
}
}
},
{
"category": "product_version",
"name": "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"product": {
"name": "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"product_id": "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8\u0026tag=3.16-67"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"product": {
"name": "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"product_id": "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.16-3"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"product": {
"name": "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"product_id": "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.16-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"product_id": "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.16-70"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"product": {
"name": "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"product_id": "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.16-16"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"product": {
"name": "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"product_id": "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.16-11"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"product": {
"name": "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"product_id": "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.16-14"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"product": {
"name": "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"product_id": "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.16-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"product": {
"name": "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"product_id": "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.16-6"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"product": {
"name": "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"product_id": "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.16-20"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"product": {
"name": "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"product_id": "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.16-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"product": {
"name": "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"product_id": "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.16-27"
}
}
},
{
"category": "product_version",
"name": "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"product": {
"name": "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"product_id": "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8\u0026tag=3.16-67"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"product": {
"name": "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"product_id": "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.16-3"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"product": {
"name": "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"product_id": "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.16-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"product_id": "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.16-70"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"product": {
"name": "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"product_id": "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.16-16"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"product": {
"name": "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"product_id": "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.16-11"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"product": {
"name": "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"product_id": "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.16-14"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"product": {
"name": "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"product_id": "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.16-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"product": {
"name": "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"product_id": "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.16-6"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le"
},
"product_reference": "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64"
},
"product_reference": "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x"
},
"product_reference": "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le"
},
"product_reference": "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64"
},
"product_reference": "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x"
},
"product_reference": "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64"
},
"product_reference": "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x"
},
"product_reference": "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
},
"product_reference": "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64"
},
"product_reference": "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le"
},
"product_reference": "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x"
},
"product_reference": "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x"
},
"product_reference": "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le"
},
"product_reference": "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64"
},
"product_reference": "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64"
},
"product_reference": "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64"
},
"product_reference": "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le"
},
"product_reference": "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x"
},
"product_reference": "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64"
},
"product_reference": "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le"
},
"product_reference": "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x"
},
"product_reference": "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64"
},
"product_reference": "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x"
},
"product_reference": "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le"
},
"product_reference": "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x"
},
"product_reference": "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64"
},
"product_reference": "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le"
},
"product_reference": "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x"
},
"product_reference": "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64"
},
"product_reference": "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le"
},
"product_reference": "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le"
},
"product_reference": "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x"
},
"product_reference": "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
},
"product_reference": "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-0341",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2154086"
}
],
"notes": [
{
"category": "description",
"text": "In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "okhttp: information disclosure via improperly used cryptographic function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-0341"
},
{
"category": "external",
"summary": "RHBZ#2154086",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154086"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-0341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-0341",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0341"
},
{
"category": "external",
"summary": "https://source.android.com/security/bulletin/2021-02-01",
"url": "https://source.android.com/security/bulletin/2021-02-01"
}
],
"release_date": "2021-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-12T21:30:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6667"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "okhttp: information disclosure via improperly used cryptographic function"
},
{
"cve": "CVE-2023-3635",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2229295"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SquareUp Okio. A class GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This issue may allow a malicious user to start processing a malformed file, which can result in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "okio: GzipSource class improper exception handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat JBoss Enterprise Application Platform XP does contain Okio package but is not using GzipSource.java, which is the affected class.\nRed Hat support for Spring Boot is considered low impact as it\u0027s used by Dekorate during compilation process and not included in the resulting Jar.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-3635"
},
{
"category": "external",
"summary": "RHBZ#2229295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229295"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3635"
}
],
"release_date": "2023-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-12T21:30:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6667"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "okio: GzipSource class improper exception handling"
},
{
"cve": "CVE-2024-6345",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2024-07-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2297771"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack does not include setuptools. The ImcSdk component uses it only during compile time in our build systems, and we do not support recompiling SRPMs. As a result, Red Hat OpenStack is not affected by this flaw.\n\nPython 2.7.18 was marked End of Life on 04/20/2020. No patches for Python 2 would be made available.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-6345"
},
{
"category": "external",
"summary": "RHBZ#2297771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0",
"url": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0"
},
{
"category": "external",
"summary": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5",
"url": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5"
}
],
"release_date": "2024-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-12T21:30:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6667"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools"
},
{
"cve": "CVE-2024-22234",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2024-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2265172"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Spring Security. This issue may lead to Broken Access Control, allowing a malicious user to impact the Confidentiality and Integrity of an application or server. This requires the application to use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and have a null authentication parameter passed to it, resulting in an erroneous true return value.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as a Moderate impact since it requires the malicious user to have knowledge of how a server implements the authentication resolver from Spring Security. A validation is also suggested to make sure there are no null parameters and no erroneous true is triggered from this method.\n\nAn application is not vulnerable if any of the following are true:\n- The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly\n- The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated\n- The application only uses isFullyAuthenticated via Method Security or HTTP Request Security",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-22234"
},
{
"category": "external",
"summary": "RHBZ#2265172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265172"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-22234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22234"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22234",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22234"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2024-22234",
"url": "https://spring.io/security/cve-2024-22234"
}
],
"release_date": "2024-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-12T21:30:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6667"
},
{
"category": "workaround",
"details": "Make sure the application is not vulnerable according to the description bullet points mentioned in this page.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated"
},
{
"cve": "CVE-2024-30260",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-04-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2273522"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the nodejs-undici package. Proxy-Authorization headers are not cleared on cross-origin redirects, which can allow for the exposure of sensitive data or allow an attacker to capture the persistent proxy-authentication header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30260"
},
{
"category": "external",
"summary": "RHBZ#2273522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30260",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30260"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30260",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30260"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-12T21:30:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6667"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline"
},
{
"cve": "CVE-2024-30261",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2024-04-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2273519"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the nodejs-undici package. This issue may allow an attacker to alter the integrity option passed to fetch(), allowing fetch() to accept requests as valid even if they have been tampered with.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-undici: fetch() with integrity option is too lax when algorithm is specified but hash value is in incorrect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30261"
},
{
"category": "external",
"summary": "RHBZ#2273519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30261",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30261"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30261",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30261"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-12T21:30:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6667"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-undici: fetch() with integrity option is too lax when algorithm is specified but hash value is in incorrect"
},
{
"cve": "CVE-2024-39338",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-08-13T17:21:32.774718+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2304369"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: axios: Server-Side Request Forgery",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-39338"
},
{
"category": "external",
"summary": "RHBZ#2304369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304369"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases",
"url": "https://github.com/axios/axios/releases"
},
{
"category": "external",
"summary": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html",
"url": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html"
}
],
"release_date": "2024-08-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-12T21:30:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6667"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: axios: Server-Side Request Forgery"
}
]
}
RHSA-2024:4884
Vulnerability from csaf_redhat - Published: 2024-07-25 19:26 - Updated: 2025-11-21 19:07Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.1 for Spring Boot security update.
Notes
Topic
Red Hat build of Apache Camel 4.4.1 for Spring Boot release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat build of Apache Camel 4.4.1 for Spring Boot release and security update is now available.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
* undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket (CVE-2024-5971)
* pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE (CVE-2024-1597)
* vert.x: io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx (CVE-2024-1023)
* vertx-core: io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI supportd (CVE-2024-1300)
* pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE (CVE-2024-1597)
* undertow: url-encoded request path information can be broken on ajp-listener (CVE-2024-6162)
* jetty: stop accepting new connections from valid clients (CVE-2024-22201)
* threetenbp: null pointer exception (CVE-2024-23081)
* org.bouncycastle:bcprov-jdk18on: org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service (CVE-2024-29857)
* org.bouncycastle-bcprov-jdk18on: bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack) (CVE-2024-30171)
* org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class (CVE-2024-30172)
* mvel: TimeOut error when calling ParseTools.subCompileExpression() function (CVE-2023-51079)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat build of Apache Camel 4.4.1 for Spring Boot release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat build of Apache Camel 4.4.1 for Spring Boot release and security update is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket (CVE-2024-5971)\n\n* pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE (CVE-2024-1597)\n\n* vert.x: io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx (CVE-2024-1023)\n\n* vertx-core: io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI supportd (CVE-2024-1300)\n\n* pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE (CVE-2024-1597)\n\n* undertow: url-encoded request path information can be broken on ajp-listener (CVE-2024-6162)\n\n* jetty: stop accepting new connections from valid clients (CVE-2024-22201)\n\n* threetenbp: null pointer exception (CVE-2024-23081)\n\n* org.bouncycastle:bcprov-jdk18on: org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service (CVE-2024-29857)\n\n* org.bouncycastle-bcprov-jdk18on: bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack) (CVE-2024-30171)\n\n* org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class (CVE-2024-30172)\n\n* mvel: TimeOut error when calling ParseTools.subCompileExpression() function (CVE-2023-51079)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4884",
"url": "https://access.redhat.com/errata/RHSA-2024:4884"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2256065",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256065"
},
{
"category": "external",
"summary": "2260840",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260840"
},
{
"category": "external",
"summary": "2263139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"
},
{
"category": "external",
"summary": "2266136",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136"
},
{
"category": "external",
"summary": "2266523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266523"
},
{
"category": "external",
"summary": "2274197",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274197"
},
{
"category": "external",
"summary": "2276360",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276360"
},
{
"category": "external",
"summary": "2292211",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292211"
},
{
"category": "external",
"summary": "2293025",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293025"
},
{
"category": "external",
"summary": "2293028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293028"
},
{
"category": "external",
"summary": "2293069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293069"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4884.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.1 for Spring Boot security update.",
"tracking": {
"current_release_date": "2025-11-21T19:07:47+00:00",
"generator": {
"date": "2025-11-21T19:07:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:4884",
"initial_release_date": "2024-07-25T19:26:07+00:00",
"revision_history": [
{
"date": "2024-07-25T19:26:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-24T15:24:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:07:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2",
"product": {
"name": "Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2",
"product_id": "Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:apache_camel_spring_boot:4.4::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Build of Apache Camel"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-51079",
"discovery_date": "2023-12-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2256065"
}
],
"notes": [
{
"category": "description",
"text": "[DISPUTED] A vulnerability was found in the ParseTools.subCompileExpression() method in the Mvel package. This vulnerability manifests as a TimeOut error, and may allow an attacker to leverage the TimeOut error to disrupt the normal functioning of the system or application, potentially leading to undesired outcomes or disruptions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mvel: TimeOut error when calling ParseTools.subCompileExpression() function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is disputed because the only anticipated outcome is that the parser will take an exceptionally long time to complete its task.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-51079"
},
{
"category": "external",
"summary": "RHBZ#2256065",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256065"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-51079",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51079"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-51079",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51079"
},
{
"category": "external",
"summary": "https://github.com/mvel/mvel/issues/348",
"url": "https://github.com/mvel/mvel/issues/348"
}
],
"release_date": "2023-12-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-25T19:26:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4884"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mvel: TimeOut error when calling ParseTools.subCompileExpression() function"
},
{
"cve": "CVE-2024-1023",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2024-01-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2260840"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1023"
},
{
"category": "external",
"summary": "RHBZ#2260840",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260840"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1023",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1023"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/issues/5078",
"url": "https://github.com/eclipse-vertx/vert.x/issues/5078"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/pull/5080",
"url": "https://github.com/eclipse-vertx/vert.x/pull/5080"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/pull/5082",
"url": "https://github.com/eclipse-vertx/vert.x/pull/5082"
}
],
"release_date": "2024-01-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-25T19:26:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4884"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx"
},
{
"cve": "CVE-2024-1300",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2024-02-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2263139"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This affects only TLS servers with SNI enabled.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1300"
},
{
"category": "external",
"summary": "RHBZ#2263139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1300",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1300"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1300",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1300"
},
{
"category": "external",
"summary": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.",
"url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni."
}
],
"release_date": "2024-02-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-25T19:26:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4884"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support"
},
{
"cve": "CVE-2024-1597",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2024-02-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2266523"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The PostgreSQL JDBC Driver is not affected in the default query mode. Users that do not override the query mode are not impacted.\n\nThe described SQL injection vulnerability, while significant, is categorized as important rather than critical due to several factors. Firstly, the exploitation relies on specific conditions, including the use of a non-default query mode (preferQueryMode=simple) and the precise arrangement of user-controlled parameters within the SQL query. This limits the potential attack surface and reduces the likelihood of widespread exploitation across systems. Additionally, the vulnerability does not pose an immediate and severe risk of system compromise or data breach; rather, it enables attackers to manipulate SQL queries and potentially execute arbitrary commands within the context of the application\u0027s database. Furthermore, the vulnerability can be effectively mitigated by applying the provided patch or by avoiding the use of the vulnerable query mode, thus reducing the risk of exploitation.\n\nRed Hat Satellite ships a PostgreSQL JDBC Driver which embeds into Candlepin. However, Candlepin doesn\u0027t directly utilize the PostgreSQL JDBC Driver and doesn\u0027t set PreferQueryMode. Therefore, although the affected component is shipped, the product impact is considered Low. This issue may be addressed in a future Satellite release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1597"
},
{
"category": "external",
"summary": "RHBZ#2266523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266523"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1597",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1597"
},
{
"category": "external",
"summary": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56",
"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56"
},
{
"category": "external",
"summary": "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/",
"url": "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/"
},
{
"category": "external",
"summary": "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/",
"url": "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/"
}
],
"release_date": "2024-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-25T19:26:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4884"
},
{
"category": "workaround",
"details": "Do not use the connection propertypreferQueryMode=simple. If you do not explicitly specify a query mode, then you are using the default of extended and are not impacted by this issue.",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE"
},
{
"cve": "CVE-2024-1635",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264928"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1635"
},
{
"category": "external",
"summary": "RHBZ#2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635"
}
],
"release_date": "2023-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-25T19:26:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4884"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol"
},
{
"cve": "CVE-2024-5971",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-06-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2292211"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\\r\\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The identified vulnerability in Undertow, where chunked responses fail to terminate properly under Java 17 with TLSv1.3, represents a significant security concern due to its potential for uncontrolled resource consumption and denial of service (DoS) attacks. This issue arises from Undertow\u0027s mishandling of chunked response termination after initial data flushing, leading to clients waiting indefinitely for completion signals that are not sent. Such behavior could be exploited by malicious actors to exhaust server resources, resulting in service degradation or unavailability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-5971"
},
{
"category": "external",
"summary": "RHBZ#2292211",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292211"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-5971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5971"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-5971",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5971"
}
],
"release_date": "2024-07-08T20:46:55+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-25T19:26:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4884"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket"
},
{
"cve": "CVE-2024-6162",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2293069"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as \"404 Not Found\" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: url-encoded request path information can be broken on ajp-listener",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is classified as moderate severity rather than important because it specifically affects URL-encoded request paths under concurrent access conditions, primarily through the AJP listener. While it can lead to 404 errors or application failures, it does not inherently compromise data integrity, security, or lead to direct unauthorized access. The impact is limited to incorrect handling of certain URL-encoded paths, which means it primarily disrupts access to static or encoded resources rather than posing a broader risk to the system\u2019s overall security or functionality.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-6162"
},
{
"category": "external",
"summary": "RHBZ#2293069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293069"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-6162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6162"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6162",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6162"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/JBEAP-26268",
"url": "https://issues.redhat.com/browse/JBEAP-26268"
}
],
"release_date": "2024-06-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-25T19:26:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4884"
},
{
"category": "workaround",
"details": "To mitigate this issue, you can either switch to a different listener like the http-listener, or adjust the AJP listener configuration. By setting decode-url=\"false\" on the AJP listener and configuring a separate URL decoding filter, you can prevent the path decoding errors. This adjustment ensures that each request is processed correctly without interference from concurrent requests.",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: url-encoded request path information can be broken on ajp-listener"
},
{
"cve": "CVE-2024-22201",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2266136"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: stop accepting new connections from valid clients",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-22201"
},
{
"category": "external",
"summary": "RHBZ#2266136",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/issues/11256",
"url": "https://github.com/jetty/jetty.project/issues/11256"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98"
}
],
"release_date": "2024-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-25T19:26:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4884"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: stop accepting new connections from valid clients"
},
{
"cve": "CVE-2024-22234",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2024-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2265172"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Spring Security. This issue may lead to Broken Access Control, allowing a malicious user to impact the Confidentiality and Integrity of an application or server. This requires the application to use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and have a null authentication parameter passed to it, resulting in an erroneous true return value.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as a Moderate impact since it requires the malicious user to have knowledge of how a server implements the authentication resolver from Spring Security. A validation is also suggested to make sure there are no null parameters and no erroneous true is triggered from this method.\n\nAn application is not vulnerable if any of the following are true:\n- The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly\n- The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated\n- The application only uses isFullyAuthenticated via Method Security or HTTP Request Security",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-22234"
},
{
"category": "external",
"summary": "RHBZ#2265172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265172"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-22234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22234"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22234",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22234"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2024-22234",
"url": "https://spring.io/security/cve-2024-22234"
}
],
"release_date": "2024-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-25T19:26:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4884"
},
{
"category": "workaround",
"details": "Make sure the application is not vulnerable according to the description bullet points mentioned in this page.",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated"
},
{
"cve": "CVE-2024-22257",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2024-03-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270158"
}
],
"notes": [
{
"category": "description",
"text": "A broken access control flaw was found in Spring Security. Applications may be vulnerable when directly using the AuthenticatedVoter#vote passing a NULL authentication parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security: Broken Access Control With Direct Use of AuthenticatedVoter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The AuthenticatedVoter class was deprecated since Spring Security 5.8 is used in favor of the AuthorizationManager class, which is not vulnerable to this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-22257"
},
{
"category": "external",
"summary": "RHBZ#2270158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270158"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-22257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22257"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22257",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22257"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2024-22257",
"url": "https://spring.io/security/cve-2024-22257"
}
],
"release_date": "2024-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-25T19:26:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4884"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-security: Broken Access Control With Direct Use of AuthenticatedVoter"
},
{
"cve": "CVE-2024-23081",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"discovery_date": "2024-04-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2274197"
}
],
"notes": [
{
"category": "description",
"text": "A null pointer exception vulnerability was found in Threeten Backport. If the other parameter is null in ChronoLocalDate, a NullPointerException is thrown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "threetenbp: null pointer exception",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23081"
},
{
"category": "external",
"summary": "RHBZ#2274197",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274197"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23081"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23081",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23081"
},
{
"category": "external",
"summary": "https://gist.github.com/LLM4IG/3cc9183dcd887020368a0bafeafec5e3",
"url": "https://gist.github.com/LLM4IG/3cc9183dcd887020368a0bafeafec5e3"
},
{
"category": "external",
"summary": "https://github.com/ThreeTen/threetenbp/blob/adcdbc462b4e93e68e6f9c9a82217d0478b7d635/src/site/markdown/security.md?plain=1#L17",
"url": "https://github.com/ThreeTen/threetenbp/blob/adcdbc462b4e93e68e6f9c9a82217d0478b7d635/src/site/markdown/security.md?plain=1#L17"
},
{
"category": "external",
"summary": "https://github.com/ThreeTen/threetenbp/blob/main/src/main/java/org/threeten/bp/LocalDate.java#L1671",
"url": "https://github.com/ThreeTen/threetenbp/blob/main/src/main/java/org/threeten/bp/LocalDate.java#L1671"
}
],
"release_date": "2024-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-25T19:26:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4884"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "threetenbp: null pointer exception"
},
{
"cve": "CVE-2024-29025",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-04-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2272907"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec-http: Allocation of Resources Without Limits or Throttling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in io.netty:netty-codec-http, allowing for Allocation of Resources Without Limits or Throttling issues, is assessed as moderate severity due to its potential impact on system availability and performance. By exploiting the flaw in HttpPostRequestDecoder, an attacker can craft chunked POST requests with numerous small fields, causing excessive accumulation of data in memory buffers. This unrestricted accumulation can lead to significant memory consumption on the server, potentially exhausting available resources and resulting in denial of service (DoS) conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29025"
},
{
"category": "external",
"summary": "RHBZ#2272907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
},
{
"category": "external",
"summary": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3",
"url": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c",
"url": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v",
"url": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812"
}
],
"release_date": "2024-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-25T19:26:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4884"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec-http: Allocation of Resources Without Limits or Throttling"
},
{
"cve": "CVE-2024-29857",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2293028"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Bouncy Castle. An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java). Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-20: Improper Input Validation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat enforces the principle of least functionality, ensuring that only essential features, services, and ports are enabled. This minimizes the number of components that could be affected by input validation vulnerabilities. Security testing and evaluation standards are implemented within the environment to rigorously test input validation mechanisms during the development lifecycle, while static code analysis identifies potential input validation vulnerabilities by default. Process isolation ensures that processes handling potentially malicious or unvalidated inputs run in isolated environments by separating execution domains for each process. Malicious code protections, such as IPS/IDS and antimalware solutions, help detect and mitigate malicious payloads stemming from input validation vulnerabilities. Finally, robust input validation and error-handling mechanisms ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks further.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29857"
},
{
"category": "external",
"summary": "RHBZ#2293028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293028"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29857"
}
],
"release_date": "2024-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-25T19:26:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4884"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service"
},
{
"acknowledgments": [
{
"names": [
"Hubert Kario"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2024-30171",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2024-04-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2276360"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Bouncy Castle Java cryptography APIs. Affected versions of the org.bouncycastle:bcprov-jdk18on package are vulnerable to Observable Timing Discrepancy via the PKCS#1 1.5 and OAEP decryption process (a.k.a. Marvin Attack). An attacker can recover cipher-texts via a side-channel attack by exploiting the Marvin security flaw. The PKCS#1 1.5 attack vector leaks data via javax.crypto.Cipher exceptions and the OAEP interface vector leaks via the bit size of the decrypted data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-208: Observable Timing Discrepancy vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operations. Baseline configurations and system controls ensure secure software states, while least functionality reduces the attack surface by maintaining consistent settings and minimizing timing variations that could expose discrepancies. Domain accounts are configured with lockout policies to reduce the effectiveness of brute-force attacks and prevent attackers from inferring valid credentials through response timing. Event logs are centrally collected and analyzed to detect anomalous timing-based behaviors that may indicate timing attacks. Static code analysis and peer reviews enforce strong input validation and error handling, limiting the introduction of time-based exploits. Additionally, controls such as process isolation and encryption of data at rest contain the impact of successful exploitation by isolating compromised processes and preventing unauthorized data access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30171"
},
{
"category": "external",
"summary": "RHBZ#2276360",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276360"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30171",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30171"
},
{
"category": "external",
"summary": "https://people.redhat.com/~hkario/marvin/",
"url": "https://people.redhat.com/~hkario/marvin/"
}
],
"release_date": "2024-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-25T19:26:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4884"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)"
},
{
"cve": "CVE-2024-30172",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2293025"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Bouncy Castle Java Cryptography APIs. Affected versions of this package are vulnerable to an Infinite loop issue in ED25519 verification in the ScalarUtil class. This flaw allows an attacker to send a malicious signature and public key to trigger a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30172"
},
{
"category": "external",
"summary": "RHBZ#2293025",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293025"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30172",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30172"
},
{
"category": "external",
"summary": "https://www.bouncycastle.org/latest_releases.html",
"url": "https://www.bouncycastle.org/latest_releases.html"
}
],
"release_date": "2024-05-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-25T19:26:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4884"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class"
},
{
"cve": "CVE-2024-34447",
"cwe": {
"id": "CWE-706",
"name": "Use of Incorrectly-Resolved Name or Reference"
},
"discovery_date": "2024-05-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279227"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bouncy Castle Java Cryptography APIs. Affected versions of this package are vulnerable to a use of incorrectly-resolved name or reference issue when resolving domain names over an SSL socket that was created without an explicit hostname, such as in the HttpsURLConnection() function. If endpoint identification is enabled, this flow allows an attacker to trigger hostname verification against a DNS-resolved address.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.bouncycastle: Use of Incorrectly-Resolved Name or Reference",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in Bouncy Castle Java Cryptography APIs, allowing for incorrect resolution of domain names during SSL/TLS connections without explicitly specifying a hostname, is assessed as moderate severity due to its potential impact on security. By exploiting this flaw, an attacker could manipulate DNS resolution to present a different server\u0027s certificate, leading to a mismatch between expected and verified hostnames. While this could facilitate a man-in-the-middle attack under specific conditions, its severity is moderated by the prerequisite of the attacker controlling DNS responses or intercepting network traffic.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34447"
},
{
"category": "external",
"summary": "RHBZ#2279227",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279227"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34447",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34447"
}
],
"release_date": "2024-05-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-25T19:26:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4884"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.bouncycastle: Use of Incorrectly-Resolved Name or Reference"
}
]
}
GHSA-W3W6-26F2-P474
Vulnerability from github – Published: 2024-02-20 09:30 – Updated: 2025-02-13 19:13
VLAI?
Summary
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
Details
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method.
Specifically, an application is vulnerable if:
- The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value.
An application is not vulnerable if any of the following is true:
- The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly.
- The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated
- The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html
Severity ?
7.4 (High)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.security:spring-security-core"
},
"ranges": [
{
"events": [
{
"introduced": "6.1.0"
},
{
"fixed": "6.1.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.security:spring-security-core"
},
"ranges": [
{
"events": [
{
"introduced": "6.2.0"
},
{
"fixed": "6.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-22234"
],
"database_specific": {
"cwe_ids": [
"CWE-284"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-21T00:17:30Z",
"nvd_published_at": "2024-02-20T07:15:09Z",
"severity": "HIGH"
},
"details": "In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0method.\n\nSpecifically, an application is vulnerable if:\n\n * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly and a null\u00a0authentication parameter is passed to it resulting in an erroneous true\u00a0return value.\n\n\nAn application is not vulnerable if any of the following is true:\n\n * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly.\n * The application does not pass null\u00a0to AuthenticationTrustResolver.isFullyAuthenticated\n * The application only uses isFullyAuthenticated\u00a0via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html \u00a0or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html",
"id": "GHSA-w3w6-26f2-p474",
"modified": "2025-02-13T19:13:23Z",
"published": "2024-02-20T09:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22234"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-security/commit/750cb30ce44d279c2f54c845d375e6a58bded569"
},
{
"type": "PACKAGE",
"url": "https://github.com/spring-projects/spring-security"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240315-0003"
},
{
"type": "WEB",
"url": "https://spring.io/security/cve-2024-22234"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated"
}
CNVD-2024-09335
Vulnerability from cnvd - Published: 2024-02-21
VLAI Severity ?
Title
Spring Security存在访问控制错误漏洞
Description
Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架。它提供了一组可以在Spring应用上下文中配置的Bean,充分利用了Spring IoC,DI(控制反转Inversion of Control ,DI:Dependency Injection 依赖注入)和AOP(面向切面编程)功能,为应用系统提供声明式的安全访问控制功能,减少了为企业系统安全控制编写大量重复代码的工作。
Spring Security存在访问控制错误漏洞,攻击者可利用该漏洞进行身份验证和授权绕过。
Severity
高
Patch Name
Spring Security存在访问控制错误漏洞的补丁
Patch Description
Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架。它提供了一组可以在Spring应用上下文中配置的Bean,充分利用了Spring IoC,DI(控制反转Inversion of Control ,DI:Dependency Injection 依赖注入)和AOP(面向切面编程)功能,为应用系统提供声明式的安全访问控制功能,减少了为企业系统安全控制编写大量重复代码的工作。
Spring Security存在访问控制错误漏洞,攻击者可利用该漏洞进行身份验证和授权绕过。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前官方已修复该漏洞,受影响用户可以升级更新到安全版本。官方下载链接: https://spring.io/projects/spring-security
Impacted products
| Name | ['Spring Spring Security >=6.1.0,<=6.1.6', 'Spring Spring Security >=6.2.0,<= 6.2.1'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2024-22234"
}
},
"description": "Spring Security\u662f\u4e00\u4e2a\u80fd\u591f\u4e3a\u57fa\u4e8eSpring\u7684\u4f01\u4e1a\u5e94\u7528\u7cfb\u7edf\u63d0\u4f9b\u58f0\u660e\u5f0f\u7684\u5b89\u5168\u8bbf\u95ee\u63a7\u5236\u89e3\u51b3\u65b9\u6848\u7684\u5b89\u5168\u6846\u67b6\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u7ec4\u53ef\u4ee5\u5728Spring\u5e94\u7528\u4e0a\u4e0b\u6587\u4e2d\u914d\u7f6e\u7684Bean\uff0c\u5145\u5206\u5229\u7528\u4e86Spring IoC\uff0cDI\uff08\u63a7\u5236\u53cd\u8f6cInversion of Control ,DI:Dependency Injection \u4f9d\u8d56\u6ce8\u5165\uff09\u548cAOP\uff08\u9762\u5411\u5207\u9762\u7f16\u7a0b\uff09\u529f\u80fd\uff0c\u4e3a\u5e94\u7528\u7cfb\u7edf\u63d0\u4f9b\u58f0\u660e\u5f0f\u7684\u5b89\u5168\u8bbf\u95ee\u63a7\u5236\u529f\u80fd\uff0c\u51cf\u5c11\u4e86\u4e3a\u4f01\u4e1a\u7cfb\u7edf\u5b89\u5168\u63a7\u5236\u7f16\u5199\u5927\u91cf\u91cd\u590d\u4ee3\u7801\u7684\u5de5\u4f5c\u3002\n\nSpring Security\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u7ed5\u8fc7\u3002",
"formalWay": "\u76ee\u524d\u5b98\u65b9\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u53d7\u5f71\u54cd\u7528\u6237\u53ef\u4ee5\u5347\u7ea7\u66f4\u65b0\u5230\u5b89\u5168\u7248\u672c\u3002\u5b98\u65b9\u4e0b\u8f7d\u94fe\u63a5\uff1a\r\nhttps://spring.io/projects/spring-security",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2024-09335",
"openTime": "2024-02-21",
"patchDescription": "Spring Security\u662f\u4e00\u4e2a\u80fd\u591f\u4e3a\u57fa\u4e8eSpring\u7684\u4f01\u4e1a\u5e94\u7528\u7cfb\u7edf\u63d0\u4f9b\u58f0\u660e\u5f0f\u7684\u5b89\u5168\u8bbf\u95ee\u63a7\u5236\u89e3\u51b3\u65b9\u6848\u7684\u5b89\u5168\u6846\u67b6\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u7ec4\u53ef\u4ee5\u5728Spring\u5e94\u7528\u4e0a\u4e0b\u6587\u4e2d\u914d\u7f6e\u7684Bean\uff0c\u5145\u5206\u5229\u7528\u4e86Spring IoC\uff0cDI\uff08\u63a7\u5236\u53cd\u8f6cInversion of Control ,DI:Dependency Injection \u4f9d\u8d56\u6ce8\u5165\uff09\u548cAOP\uff08\u9762\u5411\u5207\u9762\u7f16\u7a0b\uff09\u529f\u80fd\uff0c\u4e3a\u5e94\u7528\u7cfb\u7edf\u63d0\u4f9b\u58f0\u660e\u5f0f\u7684\u5b89\u5168\u8bbf\u95ee\u63a7\u5236\u529f\u80fd\uff0c\u51cf\u5c11\u4e86\u4e3a\u4f01\u4e1a\u7cfb\u7edf\u5b89\u5168\u63a7\u5236\u7f16\u5199\u5927\u91cf\u91cd\u590d\u4ee3\u7801\u7684\u5de5\u4f5c\u3002\r\n\r\nSpring Security\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u7ed5\u8fc7\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Spring Security\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Spring Spring Security \u003e=6.1.0\uff0c\u003c=6.1.6",
"Spring Spring Security \u003e=6.2.0\uff0c\u003c= 6.2.1"
]
},
"serverity": "\u9ad8",
"submitTime": "2024-02-21",
"title": "Spring Security\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…