CVE-2024-29041
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-29041", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-26T13:59:28.274744Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:57:16.909Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.705Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc" }, { "name": "https://github.com/koajs/koa/issues/1800", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/koajs/koa/issues/1800" }, { "name": "https://github.com/expressjs/express/pull/5539", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/expressjs/express/pull/5539" }, { "name": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd" }, { "name": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94" }, { "name": "https://expressjs.com/en/4x/api.html#res.location", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://expressjs.com/en/4x/api.html#res.location" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "express", "vendor": "expressjs", "versions": [ { "status": 
"affected", "version": "\u003e=4.14.0, \u003c4.19.0" }, { "status": "affected", "version": "\u003e=5.0.0-alpha.1, \u003c5.0.0-beta.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-601", "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-1286", "description": "CWE-1286: Improper Validation of Syntactic Correctness of Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T20:20:06.205Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", "tags": [ "x_refsource_CONFIRM" ], "url": 
"https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc" }, { "name": "https://github.com/koajs/koa/issues/1800", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/koajs/koa/issues/1800" }, { "name": "https://github.com/expressjs/express/pull/5539", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/expressjs/express/pull/5539" }, { "name": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd" }, { "name": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94" }, { "name": "https://expressjs.com/en/4x/api.html#res.location", "tags": [ "x_refsource_MISC" ], "url": "https://expressjs.com/en/4x/api.html#res.location" } ], "source": { "advisory": "GHSA-rv95-896h-c2vc", "discovery": "UNKNOWN" }, "title": "Express.js Open Redirect in malformed URLs" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-29041", "datePublished": "2024-03-25T20:20:06.205Z", "dateReserved": "2024-03-14T16:59:47.614Z", "dateUpdated": "2024-08-02T01:03:51.705Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-29041\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-03-25T21:15:46.847\",\"lastModified\":\"2024-03-26T12:55:05.010\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. 
When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.\"},{\"lang\":\"es\",\"value\":\"El framework web minimalista Express.js para node. Las versiones de Express.js anteriores a 4.19.0 y todas las versiones alfa y beta preliminares de 5.0 se ven afectadas por una vulnerabilidad de redireccionamiento abierto que utiliza URL con formato incorrecto. Cuando un usuario de Express realiza una redirecci\u00f3n utilizando una URL proporcionada por el usuario, Express realiza una codificaci\u00f3n [usando `encodeurl`](https://github.com/pillarjs/encodeurl) en el contenido antes de pasarlo al encabezado de `ubicaci\u00f3n`. Esto puede hacer que las URL con formato incorrecto se eval\u00faen de maneras inesperadas mediante implementaciones de listas permitidas de redireccionamiento com\u00fan en aplicaciones Express, lo que lleva a una redirecci\u00f3n abierta al omitir una lista permitida implementada correctamente. El m\u00e9todo principal afectado es `res.location()` pero tambi\u00e9n se llama desde `res.redirect()`. 
La vulnerabilidad se solucion\u00f3 en 4.19.2 y 5.0.0-beta.3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1286\"},{\"lang\":\"en\",\"value\":\"CWE-601\"}]}],\"references\":[{\"url\":\"https://expressjs.com/en/4x/api.html#res.location\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/expressjs/express/pull/5539\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/koajs/koa/issues/1800\",\"source\":\"security-advisories@github.com\"}]}}" } }
ghsa-rv95-896h-c2vc
Vulnerability from github
Impact
Versions of Express.js prior to 4.19.2 and pre-release alpha and beta versions before 5.0.0-beta.3 are affected by an open redirect vulnerability using malformed URLs.
When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list.
The main method impacted is `res.location()`, but this is also called from within `res.redirect()`.
Patches
https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94
An initial fix went out with `express@4.19.0`; we then patched a feature regression in `4.19.1` and added improved handling for the bypass in `4.19.2`.
Workarounds
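The fix for this involves pre-parsing the URL string with either `require('node:url').parse` or `new URL`. These are steps you can take on your own before passing the user input string to `res.location` or `res.redirect`. Run the allow list check against the parsed result (for example, its host) rather than the raw input string, so that the check and the `Location` header refer to the same URL.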
References
https://github.com/expressjs/express/pull/5539 https://github.com/koajs/koa/issues/1800 https://expressjs.com/en/4x/api.html#res.location
{ "affected": [ { "package": { "ecosystem": "npm", "name": "express" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "4.19.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "npm", "name": "express" }, "ranges": [ { "events": [ { "introduced": "5.0.0-alpha.1" }, { "fixed": "5.0.0-beta.3" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2024-29041" ], "database_specific": { "cwe_ids": [ "CWE-1286", "CWE-601" ], "github_reviewed": true, "github_reviewed_at": "2024-03-25T19:40:26Z", "nvd_published_at": "2024-03-25T21:15:46Z", "severity": "MODERATE" }, "details": "### Impact\n\nVersions of Express.js prior to 4.19.2 and pre-release alpha and beta versions before 5.0.0-beta.3 are affected by an open redirect vulnerability using malformed URLs.\n\nWhen a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list.\n\nThe main method impacted is `res.location()` but this is also called from within `res.redirect()`.\n\n### Patches\n\nhttps://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd\nhttps://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94\n\nAn initial fix went out with `express@4.19.0`, we then patched a feature regression in `4.19.1` and added improved handling for the bypass in `4.19.2`.\n\n### Workarounds\n\nThe fix for this involves pre-parsing the url string with either `require(\u0027node:url\u0027).parse` or `new URL`. 
These are steps you can take on your own before passing the user input string to `res.location` or `res.redirect`.\n\n### References\n\nhttps://github.com/expressjs/express/pull/5539\nhttps://github.com/koajs/koa/issues/1800\nhttps://expressjs.com/en/4x/api.html#res.location", "id": "GHSA-rv95-896h-c2vc", "modified": "2024-03-25T22:24:57Z", "published": "2024-03-25T19:40:26Z", "references": [ { "type": "WEB", "url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041" }, { "type": "WEB", "url": "https://github.com/koajs/koa/issues/1800" }, { "type": "WEB", "url": "https://github.com/expressjs/express/pull/5539" }, { "type": "WEB", "url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd" }, { "type": "WEB", "url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94" }, { "type": "WEB", "url": "https://expressjs.com/en/4x/api.html#res.location" }, { "type": "PACKAGE", "url": "https://github.com/expressjs/express" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ], "summary": "Express.js Open Redirect in malformed URLs" }
rhsa-2024_4873
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update to the images for Red Hat build of Apicurio Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat build of Apicurio Registry 2.6.1 GA includes the following security fixes.\n\nSecurity Fix(es):\n\n* webpack-dev-middleware: lack of URL validation may lead to file leak [rhint-serv-2] (CVE-2024-29180)\n\n* express: cause malformed URLs to be evaluated [rhint-serv-2](CVE-2024-29041)\n\n* jetty: stop accepting new connections from valid clients [rhint-serv-2] (CVE-2024-22201)\n\n* jose4j: denial of service via specially crafted JWE [rhint-serv-2] (CVE-2023-51775)\n\n* quarkus-core: Leak of local configuration properties into Quarkus applications [rhint-serv-2] (CVE-2024-2700)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). 
If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:4873", "url": "https://access.redhat.com/errata/RHSA-2024:4873" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "2266921", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266921" }, { "category": "external", "summary": "2270863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863" }, { "category": "external", "summary": "2273281", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273281" }, { "category": "external", "summary": "2290901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4873.json" } ], "title": "Red Hat Security Advisory: Apicurio Registry (container images) release and security update [ 2.6.1 GA ]", "tracking": { "current_release_date": "2024-09-18T13:45:13+00:00", "generator": { "date": "2024-09-18T13:45:13+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2024:4873", "initial_release_date": "2024-07-25T15:04:49+00:00", "revision_history": [ { "date": "2024-07-25T15:04:49+00:00", "number": "1", 
"summary": "Initial version" }, { "date": "2024-07-25T15:04:49+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T13:45:13+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat build of Apicurio Registry 2.6.1 GA", "product": { "name": "Red Hat build of Apicurio Registry 2.6.1 GA", "product_id": "Red Hat build of Apicurio Registry 2.6.1 GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:apicurio_registry:2.6" } } } ], "category": "product_family", "name": "Red Hat Integration" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-51775", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2266921" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jose.4.j (jose4j) library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down the key derivation function, making password brute-force and dictionary attacks more resource-intensive. 
However, if an attacker sets the p2c parameter in JWE to a large number, it can cause high computational consumption, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "jose4j: denial of service via specially crafted JWE", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerability in the jose4j library, where the \"p2c\" parameter in PBKDF2-based JWE key management algorithms can be manipulated to induce high computational consumption, is classified as moderate severity due to its potential impact on service availability and resource exhaustion. By setting a large value for \"p2c\", an attacker can force the server to perform an excessive number of PBKDF2 iterations during key derivation. This results in increased CPU and memory usage, potentially leading to degraded performance or temporary denial of service.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-51775" }, { "category": "external", "summary": "RHBZ#2266921", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266921" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-51775", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51775" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-51775", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51775" } ], "release_date": "2024-02-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously 
released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4873" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jose4j: denial of service via specially crafted JWE" }, { "cve": "CVE-2024-2700", "cwe": { "id": "CWE-526", "name": "Cleartext Storage of Sensitive Information in an Environment Variable" }, "discovery_date": "2024-04-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2273281" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application\u0027s build, therefore, running the resulting application inherits the values captured at build time. 
Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.", "title": "Vulnerability description" }, { "category": "summary", "text": "quarkus-core: Leak of local configuration properties into Quarkus applications", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates this as a Moderate impact vulnerability since this requires an attacker to have direct access to the environment variables to override, and the application must use that environment variable to be jeopardized.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-2700" }, { "category": "external", "summary": "RHBZ#2273281", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273281" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-2700", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2700" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2700", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2700" } ], "release_date": 
"2024-04-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4873" }, { "category": "workaround", "details": "Currently, no mitigation is available for this vulnerability. Please update as the patches become available.", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "quarkus-core: Leak of local configuration properties into Quarkus applications" }, { "cve": "CVE-2024-22201", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2266136" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. 
An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: stop accepting new connections from valid clients", "title": "Vulnerability summary" }, { "category": "other", "text": "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-22201" }, { "category": "external", "summary": "RHBZ#2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22201", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22201" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/issues/11256", "url": 
"https://github.com/jetty/jetty.project/issues/11256" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98" } ], "release_date": "2024-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4873" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: stop accepting new connections from valid clients" }, { "cve": "CVE-2024-29041", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2024-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2290901" } ], "notes": [ { "category": "description", "text": "A flaw was found in 
the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", "title": "Vulnerability description" }, { "category": "summary", "text": "express: cause malformed URLs to be evaluated", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29041" }, { "category": "external", "summary": "RHBZ#2290901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29041", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29041" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2024-29041" }, { "category": "external", "summary": "https://expressjs.com/en/4x/api.html#res.location", "url": "https://expressjs.com/en/4x/api.html#res.location" }, { "category": "external", "summary": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", "url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd" }, { "category": "external", "summary": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", "url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94" }, { "category": "external", "summary": "https://github.com/expressjs/express/pull/5539", "url": "https://github.com/expressjs/express/pull/5539" }, { "category": "external", "summary": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", "url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc" }, { "category": "external", "summary": "https://github.com/koajs/koa/issues/1800", "url": "https://github.com/koajs/koa/issues/1800" } ], "release_date": "2024-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4873" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "express: cause malformed URLs to be evaluated" }, { "cve": "CVE-2024-29180", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2024-03-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2270863" } ], "notes": [ { "category": "description", "text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.", "title": "Vulnerability description" }, { "category": "summary", "text": "webpack-dev-middleware: lack of URL validation may lead to file leak", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerability in webpack-dev represents an important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. 
This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29180" }, { "category": "external", "summary": "RHBZ#2270863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29180" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180" }, { "category": "external", "summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", "url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6" } ], "release_date": "2024-03-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2024:4873" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "webpack-dev-middleware: lack of URL validation may lead to file leak" } ] }
rhsa-2024_3868
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Network Observability 1.6 for Red Hat OpenShift\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Network Observability 1.6.0\n\nSecurity Fix(es):\n\n* CVE-2024-29180 webpack-dev-middleware: lack of URL validation may lead to file leak\n* CVE-2024-24786 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON\n* CVE-2023-42282 nodejs-ip: arbitrary code execution via the isPublic() function\n* CVE-2023-39326 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests\n* CVE-2024-28849 follow-redirects: Possible credential leak\n* CVE-2024-24783 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm\n* CVE-2023-45289 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect\n* CVE-2023-45290 golang: net/http: memory exhaustion in Request.ParseMultipartForm\n* CVE-2024-24785 golang: html/template: errors returned from MarshalJSON methods may break template escaping\n* CVE-2024-29041 express: cause malformed URLs to be evaluated [noo-1]\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s)\nlisted in the 
References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:3868", "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2253330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253330" }, { "category": "external", "summary": "2265161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161" }, { "category": "external", "summary": "2268017", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017" }, { "category": "external", "summary": "2268018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018" }, { "category": "external", "summary": "2268019", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019" }, { "category": "external", "summary": "2268022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022" }, { "category": "external", "summary": "2268046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "category": "external", "summary": "2269576", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576" }, { "category": "external", "summary": "2270863", 
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863" }, { "category": "external", "summary": "2290901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901" }, { "category": "external", "summary": "NETOBSERV-1279", "url": "https://issues.redhat.com/browse/NETOBSERV-1279" }, { "category": "external", "summary": "NETOBSERV-1408", "url": "https://issues.redhat.com/browse/NETOBSERV-1408" }, { "category": "external", "summary": "NETOBSERV-1424", "url": "https://issues.redhat.com/browse/NETOBSERV-1424" }, { "category": "external", "summary": "NETOBSERV-1453", "url": "https://issues.redhat.com/browse/NETOBSERV-1453" }, { "category": "external", "summary": "NETOBSERV-1459", "url": "https://issues.redhat.com/browse/NETOBSERV-1459" }, { "category": "external", "summary": "NETOBSERV-1462", "url": "https://issues.redhat.com/browse/NETOBSERV-1462" }, { "category": "external", "summary": "NETOBSERV-1544", "url": "https://issues.redhat.com/browse/NETOBSERV-1544" }, { "category": "external", "summary": "NETOBSERV-1598", "url": "https://issues.redhat.com/browse/NETOBSERV-1598" }, { "category": "external", "summary": "NETOBSERV-1606", "url": "https://issues.redhat.com/browse/NETOBSERV-1606" }, { "category": "external", "summary": "NETOBSERV-1607", "url": "https://issues.redhat.com/browse/NETOBSERV-1607" }, { "category": "external", "summary": "NETOBSERV-1621", "url": "https://issues.redhat.com/browse/NETOBSERV-1621" }, { "category": "external", "summary": "NETOBSERV-1630", "url": "https://issues.redhat.com/browse/NETOBSERV-1630" }, { "category": "external", "summary": "NETOBSERV-1647", "url": "https://issues.redhat.com/browse/NETOBSERV-1647" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3868.json" } ], "title": "Red Hat Security Advisory: Network Observability 1.6.0 for OpenShift", "tracking": { "current_release_date": "2024-09-18T13:43:55+00:00", "generator": { "date": 
"2024-09-18T13:43:55+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2024:3868", "initial_release_date": "2024-06-17T00:43:37+00:00", "revision_history": [ { "date": "2024-06-17T00:43:37+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-06-17T00:43:37+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T13:43:55+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "NETOBSERV 1.6 for RHEL 9", "product": { "name": "NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_observ_optr:1.6.0::el9" } } } ], "category": "product_family", "name": "Network Observability" }, { "branches": [ { "category": "product_version", "name": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "product": { "name": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "product_id": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "product": { "name": 
"network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "product": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "product": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "product_identification_helper": { "purl": 
"pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "product": { "name": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "product_id": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.6.0-78" } } }, { "category": "product_version", "name": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "product": { "name": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "product_id": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.6.0-66" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": 
"network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "product": { "name": "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "product_id": "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "product": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "product": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "product_id": 
"network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "product": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "product": { "name": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "product_id": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "product_identification_helper": { "purl": 
"pkg:oci/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.6.0-78" } } }, { "category": "product_version", "name": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "product": { "name": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "product_id": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.6.0-66" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "product": { "name": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "product_id": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": 
"network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "product": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "product": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "product": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "product_id": 
"network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "product": { "name": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "product_id": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.6.0-78" } } }, { "category": "product_version", "name": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", "product": { "name": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", "product_id": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", "product_identification_helper": { "purl": 
"pkg:oci/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.6.0-66" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "product": { "name": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "product_id": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "product": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": 
"network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "product": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "product": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "product": { "name": "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "product_id": 
"network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.6.0-78" } } }, { "category": "product_version", "name": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "product": { "name": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "product_id": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.6.0-66" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64" }, "product_reference": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "relates_to_product_reference": 
"9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64" }, "product_reference": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le" }, "product_reference": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x" }, "product_reference": "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "relates_to_product_reference": 
"9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le" }, "product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64" }, "product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64" }, "product_reference": 
"network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x" }, "product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le" }, "product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x as a component of NETOBSERV 1.6 for RHEL 9", "product_id": 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x" }, "product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64" }, "product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64" }, "product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 as a 
component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64" }, "product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64" }, "product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x" }, "product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": 
"network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le" }, "product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le" }, "product_reference": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64" }, "product_reference": "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { 
"category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x" }, "product_reference": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64" }, "product_reference": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x" }, "product_reference": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "relates_to_product_reference": 
"9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64" }, "product_reference": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64" }, "product_reference": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" }, "product_reference": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", 
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-39326", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-12-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2253330" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39326" }, { "category": "external", "summary": "RHBZ#2253330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253330" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39326", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39326" }, { "category": 
"external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39326", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39326" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-2382", "url": "https://pkg.go.dev/vuln/GO-2023-2382" } ], "release_date": "2023-12-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "No mitigation is available for this flaw.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests" }, { "cve": "CVE-2023-42282", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2024-02-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2265161" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic() function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to normally inaccessible resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-ip: arbitrary code execution via the isPublic() function", "title": "Vulnerability summary" }, { "category": "other", "text": "It appears that npm does not utilize the bundled code therefore Red Hat Enterprise Linux is not affected by this vulnerability.\n\nWhile the vulnerability in the NPM IP Package presents a significant security concern, it\u0027s categorized as important rather than critical due to several factors. Firstly, the misclassification of the private IP address 0x7f.1 as public by the isPublic() function does not directly lead to remote code execution or unauthorized access to critical systems. Instead, it facilitates SSRF attacks, which typically require additional conditions to fully exploit, such as the ability to influence server-side requests and responses. Additionally, the impact of SSRF attacks can vary depending on the specific environment and configuration of the affected system. 
While SSRF attacks can potentially lead to data exposure, service disruption, or lateral movement within a network, their severity is often mitigated by factors such as network segmentation, access controls, and the availability of sensitive resources.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-42282" }, { "category": "external", "summary": "RHBZ#2265161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-42282", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282" }, { "category": "external", "summary": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html", "url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html" } ], "release_date": "2024-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs-ip: arbitrary code execution via the isPublic() function" }, { "cve": "CVE-2023-45289", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2024-03-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268018" } ], "notes": [ { 
"category": "description", "text": "A flaw was found in Go\u0027s net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-45289" }, { "category": "external", "summary": "RHBZ#2268018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-45289", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45289" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289" } ], "release_date": "2024-03-05T00:00:00+00:00", 
"remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", 
"details": "Moderate" } ], "title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect" }, { "cve": "CVE-2023-45290", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2024-03-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268017" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Go\u0027s net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This issue permitted a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: memory exhaustion in Request.ParseMultipartForm", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-45290" }, { "category": "external", "summary": "RHBZ#2268017", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2268017" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-45290", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45290" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4", "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4" }, { "category": "external", "summary": "https://go.dev/cl/569341", "url": "https://go.dev/cl/569341" }, { "category": "external", "summary": "https://go.dev/issue/65383", "url": "https://go.dev/issue/65383" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2599", "url": "https://pkg.go.dev/vuln/GO-2024-2599" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20240329-0004", "url": "https://security.netapp.com/advisory/ntap-20240329-0004" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options 
don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: memory exhaustion in Request.ParseMultipartForm" }, { "cve": "CVE-2024-24783", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-03-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268019" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go\u0027s crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. 
This issue affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-24783" }, { "category": "external", "summary": "RHBZ#2268019", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24783", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24783" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4", "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", "url": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp" }, { "category": "external", "summary": "https://go.dev/cl/569339", "url": 
"https://go.dev/cl/569339" }, { "category": "external", "summary": "https://go.dev/issue/65390", "url": "https://go.dev/issue/65390" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2598", "url": "https://pkg.go.dev/vuln/GO-2024-2598" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20240329-0005", "url": "https://security.netapp.com/advisory/ntap-20240329-0005" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { 
"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm" }, { "cve": "CVE-2024-24785", "cwe": { "id": "CWE-74", "name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)" }, "discovery_date": "2024-03-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268022" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go\u0027s html/template standard library package. 
If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: html/template: errors returned from MarshalJSON methods may break template escaping", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-24785" }, { "category": "external", "summary": "RHBZ#2268022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785" }, { "category": "external", "summary": "https://go.dev/cl/564196", "url": "https://go.dev/cl/564196" }, { "category": "external", "summary": "https://go.dev/issue/65697", "url": "https://go.dev/issue/65697" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg" }, { "category": "external", 
"summary": "https://vuln.go.dev/ID/GO-2024-2610.json", "url": "https://vuln.go.dev/ID/GO-2024-2610.json" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping" }, { "cve": "CVE-2024-24786", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2024-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268046" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang\u0027s protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. 
By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-24786" }, { "category": "external", "summary": "RHBZ#2268046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24786", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786" }, { "category": "external", "summary": "https://go.dev/cl/569356", "url": "https://go.dev/cl/569356" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", "url": 
"https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2611", "url": "https://pkg.go.dev/vuln/GO-2024-2611" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON" }, { "cve": "CVE-2024-28849", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2024-03-14T00:00:00+00:00", "ids": [ { 
"system_name": "Red Hat Bugzilla ID", "text": "2269576" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "follow-redirects: Possible credential leak", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-28849" }, { "category": "external", "summary": "RHBZ#2269576", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28849", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849" }, { "category": "external", "summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp", "url": 
"https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp" } ], "release_date": "2024-03-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "follow-redirects: Possible credential leak" }, { "cve": "CVE-2024-29041", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2024-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2290901" } ], "notes": [ { "category": "description", 
"text": "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", "title": "Vulnerability description" }, { "category": "summary", "text": "express: cause malformed URLs to be evaluated", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29041" }, { "category": "external", "summary": "RHBZ#2290901", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2290901" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29041", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29041" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041" }, { "category": "external", "summary": "https://expressjs.com/en/4x/api.html#res.location", "url": "https://expressjs.com/en/4x/api.html#res.location" }, { "category": "external", "summary": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", "url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd" }, { "category": "external", "summary": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", "url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94" }, { "category": "external", "summary": "https://github.com/expressjs/express/pull/5539", "url": "https://github.com/expressjs/express/pull/5539" }, { "category": "external", "summary": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", "url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc" }, { "category": "external", "summary": "https://github.com/koajs/koa/issues/1800", "url": "https://github.com/koajs/koa/issues/1800" } ], "release_date": "2024-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, 
"url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "express: cause malformed URLs to be evaluated" }, { "cve": "CVE-2024-29180", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2024-03-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2270863" } ], "notes": [ { "category": "description", "text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local 
files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.", "title": "Vulnerability description" }, { "category": "summary", "text": "webpack-dev-middleware: lack of URL validation may lead to file leak", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerability in webpack-dev-middleware represents an important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", 
"summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29180" }, { "category": "external", "summary": "RHBZ#2270863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29180" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180" }, { "category": "external", "summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", "url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6" } ], "release_date": "2024-03-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { 
"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "webpack-dev-middleware: lack of URL validation may lead to file leak" } ] }
rhsa-2024_6211
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Service Mesh Containers for 2.6.1\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nSecurity Fix(es):\n* axios: Server-Side Request Forgery (CVE-2024-39338)\n* express: cause malformed URLs to be evaluated (CVE-2024-29041)\n* micromatch: vulnerable to Regular Expression Denial of Service (CVE-2024-4067)\n* braces: fails to limit the number of characters it can handle (CVE-2024-4068)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:6211", "url": "https://access.redhat.com/errata/RHSA-2024:6211" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "OSSM-6857", "url": "https://issues.redhat.com/browse/OSSM-6857" }, { "category": "external", "summary": "OSSM-8006", "url": "https://issues.redhat.com/browse/OSSM-8006" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6211.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.1 security update", "tracking": { "current_release_date": "2024-09-18T08:49:16+00:00", "generator": { "date": "2024-09-18T08:49:16+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2024:6211", "initial_release_date": "2024-09-03T10:05:20+00:00", "revision_history": [ { "date": "2024-09-03T10:05:20+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-09-03T10:05:20+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T08:49:16+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHOSSM 2.6 for RHEL 8", "product": { "name": "RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6", 
"product_identification_helper": { "cpe": "cpe:/a:redhat:service_mesh:2.6::el8" } } }, { "category": "product_name", "name": "RHOSSM 2.6 for RHEL 9", "product": { "name": "RHOSSM 2.6 for RHEL 9", "product_id": "9Base-RHOSSM-2.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:service_mesh:2.6::el9" } } } ], "category": "product_family", "name": "Red Hat OpenShift Service Mesh" }, { "branches": [ { "category": "product_version", "name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "product": { "name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "product_id": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "product_identification_helper": { "purl": "pkg:oci/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1.89.0-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "product": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "product_identification_helper": { "purl": "pkg:oci/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.6.1-7" } } }, { "category": "product_version", "name": "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "product": { "name": 
"openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "product_id": "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "product_identification_helper": { "purl": "pkg:oci/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.6.1-6" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "product": { "name": "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "product_id": "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.89.1-3" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "product": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.89.1-1" } } }, { "category": "product_version", "name": 
"openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "product": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "product_identification_helper": { "purl": "pkg:oci/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.6.1-4" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "product": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "product_identification_helper": { "purl": "pkg:oci/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.6.1-9" } } }, { "category": "product_version", "name": "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "product": { "name": "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "product_id": "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "product_identification_helper": { "purl": 
"pkg:oci/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.6.1-7" } } }, { "category": "product_version", "name": "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "product": { "name": "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "product_id": "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "product_identification_helper": { "purl": "pkg:oci/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=2.6.1-4" } } }, { "category": "product_version", "name": "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "product": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "product_identification_helper": { "purl": "pkg:oci/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.6.1-6" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "product": { "name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "product_id": 
"openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1.89.0-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "product": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.6.1-7" } } }, { "category": "product_version", "name": "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "product": { "name": "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "product_id": "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "product_identification_helper": { "purl": "pkg:oci/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.6.1-6" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "product": { "name": 
"openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "product_id": "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.89.1-3" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "product": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.89.1-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "product": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "product_identification_helper": { "purl": "pkg:oci/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.6.1-4" } } }, { "category": "product_version", 
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "product": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "product_identification_helper": { "purl": "pkg:oci/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.6.1-9" } } }, { "category": "product_version", "name": "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "product": { "name": "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "product_id": "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "product_identification_helper": { "purl": "pkg:oci/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.6.1-7" } } }, { "category": "product_version", "name": "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "product": { "name": "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "product_id": "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "product_identification_helper": { "purl": 
"pkg:oci/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=2.6.1-4" } } }, { "category": "product_version", "name": "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "product": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.6.1-6" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "product": { "name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "product_id": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "product_identification_helper": { "purl": "pkg:oci/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1.89.0-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "product": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "product_id": 
"openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "product_identification_helper": { "purl": "pkg:oci/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.6.1-7" } } }, { "category": "product_version", "name": "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "product": { "name": "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "product_id": "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "product_identification_helper": { "purl": "pkg:oci/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.6.1-6" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "product": { "name": "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "product_id": "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.89.1-3" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "product": { "name": 
"openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.89.1-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "product": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "product_identification_helper": { "purl": "pkg:oci/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.6.1-4" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "product": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "product_identification_helper": { "purl": "pkg:oci/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.6.1-9" } } }, { "category": 
"product_version", "name": "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "product": { "name": "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "product_id": "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "product_identification_helper": { "purl": "pkg:oci/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.6.1-7" } } }, { "category": "product_version", "name": "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", "product": { "name": "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", "product_id": "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", "product_identification_helper": { "purl": "pkg:oci/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=2.6.1-4" } } }, { "category": "product_version", "name": "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "product": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "product_identification_helper": { "purl": 
"pkg:oci/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.6.1-6" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "product": { "name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "product_id": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "product_identification_helper": { "purl": "pkg:oci/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1.89.0-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "product": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "product_identification_helper": { "purl": "pkg:oci/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.6.1-7" } } }, { "category": "product_version", "name": "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "product": { "name": "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "product_id": 
"openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "product_identification_helper": { "purl": "pkg:oci/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.6.1-6" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "product": { "name": "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "product_id": "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.89.1-3" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "product": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.89.1-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "product": { "name": 
"openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "product_identification_helper": { "purl": "pkg:oci/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.6.1-4" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "product": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "product_identification_helper": { "purl": "pkg:oci/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.6.1-9" } } }, { "category": "product_version", "name": "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "product": { "name": "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "product_id": "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "product_identification_helper": { "purl": "pkg:oci/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.6.1-7" } } }, { "category": "product_version", "name": 
"openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "product": { "name": "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "product_id": "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "product_identification_helper": { "purl": "pkg:oci/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=2.6.1-4" } } }, { "category": "product_version", "name": "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "product": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "product_identification_helper": { "purl": "pkg:oci/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.6.1-6" } } } ], "category": "architecture", "name": "arm64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64" }, "product_reference": "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "relates_to_product_reference": 
"8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64" }, "product_reference": "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le" }, "product_reference": "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x" }, "product_reference": "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": 
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64" }, "product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le" }, "product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x" }, "product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64" }, "product_reference": 
"openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le" }, "product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x" }, "product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64" }, "product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": 
"default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64" }, "product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x" }, "product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64" }, "product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64 as a component of RHOSSM 2.6 for 
RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64" }, "product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le" }, "product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le" }, "product_reference": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64" }, "product_reference": 
"openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64" }, "product_reference": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x" }, "product_reference": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x" }, "product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { 
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le" }, "product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64" }, "product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64" }, "product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x as a component of RHOSSM 2.6 for RHEL 8", "product_id": 
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x" }, "product_reference": "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64" }, "product_reference": "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64" }, "product_reference": "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le" }, "product_reference": "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", 
"relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x" }, "product_reference": "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le" }, "product_reference": "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64" }, "product_reference": "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": 
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64" }, "product_reference": "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64" }, "product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x" }, "product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le" }, "product_reference": 
"openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64" }, "product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64 as a component of RHOSSM 2.6 for RHEL 9", "product_id": "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64" }, "product_reference": "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "relates_to_product_reference": "9Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64 as a component of RHOSSM 2.6 for RHEL 9", "product_id": "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64" }, "product_reference": "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "relates_to_product_reference": "9Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": 
"openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le as a component of RHOSSM 2.6 for RHEL 9", "product_id": "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le" }, "product_reference": "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "relates_to_product_reference": "9Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x as a component of RHOSSM 2.6 for RHEL 9", "product_id": "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" }, "product_reference": "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", "relates_to_product_reference": "9Base-RHOSSM-2.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-4067", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-05-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2280601" } ], "notes": [ { "category": "description", "text": "A flaw was found in the NPM package `micromatch` where it is vulnerable to a regular expression denial of service (ReDoS). The issue occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will readily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn\u0027t find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. 
This issue should be mitigated by using a safe pattern that won\u0027t start backtracking the regular expression due to greedy matching.", "title": "Vulnerability description" }, { "category": "summary", "text": "micromatch: vulnerable to Regular Expression Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", 
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", 
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", 
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-4067" }, { "category": "external", "summary": "RHBZ#2280601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-4067", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4067", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4067" }, { "category": "external", "summary": "https://devhub.checkmarx.com/cve-details/CVE-2024-4067/", "url": "https://devhub.checkmarx.com/cve-details/CVE-2024-4067/" }, { "category": "external", "summary": "https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448", "url": "https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448" }, { "category": "external", "summary": "https://github.com/micromatch/micromatch/issues/243", "url": "https://github.com/micromatch/micromatch/issues/243" }, { "category": "external", "summary": "https://github.com/micromatch/micromatch/pull/247", "url": "https://github.com/micromatch/micromatch/pull/247" } ], "release_date": "2023-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", 
"product_ids": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", 
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", 
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:6211" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or 
stability.", "product_ids": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", 
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", 
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": 
"3.1" }, "products": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", 
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", 
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "micromatch: vulnerable to Regular Expression Denial of Service" }, { "cve": "CVE-2024-4068", "cwe": { "id": "CWE-1050", "name": "Excessive Platform Resource Consumption within a Loop" }, "discovery_date": "2024-05-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": 
"2280600" } ], "notes": [ { "category": "description", "text": "A flaw was found in the NPM package `braces`. It fails to limit the number of characters it can handle, which could lead to memory exhaustion. In `lib/parse.js`, if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, causing the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "braces: fails to limit the number of characters it can handle", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", 
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", 
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", 
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-4068" }, { "category": "external", "summary": "RHBZ#2280600", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280600" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-4068", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4068" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4068", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4068" }, { "category": "external", "summary": "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", "url": "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/" }, { "category": "external", "summary": "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308", "url": "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308" }, { "category": "external", "summary": "https://github.com/micromatch/braces/issues/35", "url": "https://github.com/micromatch/braces/issues/35" } ], "release_date": "2024-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been 
applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", 
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", 
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:6211" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options 
don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", 
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", 
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", 
"privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", 
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", 
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "braces: fails to limit the number of characters it can handle" }, { "cve": "CVE-2024-29041", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted 
Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2024-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2290901" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", "title": "Vulnerability description" }, { "category": "summary", "text": "express: cause malformed URLs to be evaluated", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", 
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", 
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", 
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29041" }, { "category": "external", "summary": "RHBZ#2290901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29041", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29041" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041" }, { "category": "external", "summary": "https://expressjs.com/en/4x/api.html#res.location", 
"url": "https://expressjs.com/en/4x/api.html#res.location" }, { "category": "external", "summary": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", "url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd" }, { "category": "external", "summary": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", "url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94" }, { "category": "external", "summary": "https://github.com/expressjs/express/pull/5539", "url": "https://github.com/expressjs/express/pull/5539" }, { "category": "external", "summary": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", "url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc" }, { "category": "external", "summary": "https://github.com/koajs/koa/issues/1800", "url": "https://github.com/koajs/koa/issues/1800" } ], "release_date": "2024-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", 
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", 
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", 
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:6211" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", 
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", 
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", 
"privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", 
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", 
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "express: cause malformed URLs to be evaluated" }, { "cve": "CVE-2024-39338", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, 
"discovery_date": "2024-08-13T17:21:32.774718+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2304369" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery (SSRF) attack caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.", "title": "Vulnerability description" }, { "category": "summary", "text": "axios: axios: Server-Side Request Forgery", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction; it poses a significant risk to confidentiality.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", 
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", 
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", 
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-39338" }, { "category": "external", "summary": "RHBZ#2304369", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304369" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-39338", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338" }, { "category": "external", "summary": "https://github.com/axios/axios/releases", "url": "https://github.com/axios/axios/releases" }, { "category": "external", "summary": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", "url": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html" } ], "release_date": "2024-08-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released 
errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", 
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", 
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:6211" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not 
meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", 
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", 
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", 
"privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", 
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", 
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "axios: axios: Server-Side Request Forgery" } ] }
wid-sec-w-2024-0956
Vulnerability from csaf_certbund
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Phishing-Angriffe durchzuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0956 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0956.json" }, { "category": "self", "summary": "WID-SEC-2024-0956 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0956" }, { "category": "external", "summary": "IBM Security Bulletin vom 2024-04-23", "url": "https://www.ibm.com/support/pages/node/7149177" }, { "category": "external", "summary": "IBM Security Bulletin vom 2024-04-23", "url": "https://www.ibm.com/support/pages/node/7149179" }, { "category": "external", 
"summary": "IBM Security Bulletin 7150843 vom 2024-05-10", "url": "https://www.ibm.com/support/pages/node/7150843" } ], "source_lang": "en-US", "title": "IBM App Connect Enterprise: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-05-12T22:00:00.000+00:00", "generator": { "date": "2024-05-13T08:03:06.630+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0956", "initial_release_date": "2024-04-23T22:00:00.000+00:00", "revision_history": [ { "date": "2024-04-23T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-05-12T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von IBM aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "IBM App Connect Enterprise", "product": { "name": "IBM App Connect Enterprise", "product_id": "T032495", "product_identification_helper": { "cpe": "cpe:/a:ibm:app_connect_enterprise:-" } } }, { "category": "product_version_range", "name": "\u003c11.5.0", "product": { "name": "IBM App Connect Enterprise \u003c11.5.0", "product_id": "T034375", "product_identification_helper": { "cpe": "cpe:/a:ibm:app_connect_enterprise:11.5.0" } } }, { "category": "product_version_range", "name": "\u003c5.0.17 LTS", "product": { "name": "IBM App Connect Enterprise \u003c5.0.17 LTS", "product_id": "T034376", "product_identification_helper": { "cpe": "cpe:/a:ibm:app_connect_enterprise:5.0.17_lts" } } } ], "category": "product_name", "name": "App Connect Enterprise" } ], "category": "vendor", "name": "IBM" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-29041", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM App Connect Enterprise. Dieser Fehler besteht in der Komponente Express.js aufgrund eines offenen Umleitungsproblems. 
Mit einer speziell gestalteten URL kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um ein Opfer auf beliebige Websites umzuleiten und so einen Phishing-Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T032495" ] }, "release_date": "2024-04-23T22:00:00Z", "title": "CVE-2024-29041" }, { "cve": "CVE-2024-30260", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in IBM App Connect Enterprise. Diese Fehler bestehen im Node.js undici-Modul aufgrund einer ungeeigneten Abrufmethode und eines ungeeigneten Autorisierungsproblems. Durch Senden einer speziell gestalteten Anfrage kann ein entfernter, authentifizierter Angreifer diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T032495" ] }, "release_date": "2024-04-23T22:00:00Z", "title": "CVE-2024-30260" }, { "cve": "CVE-2024-30261", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in IBM App Connect Enterprise. Diese Fehler bestehen im Node.js undici-Modul aufgrund einer ungeeigneten Abrufmethode und eines ungeeigneten Autorisierungsproblems. Durch Senden einer speziell gestalteten Anfrage kann ein entfernter, authentifizierter Angreifer diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T032495" ] }, "release_date": "2024-04-23T22:00:00Z", "title": "CVE-2024-30261" } ] }
gsd-2024-29041
Vulnerability from gsd
{ "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2024-29041" ], "details": "Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", "id": "GSD-2024-29041", "modified": "2024-04-02T05:02:57.579467Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2024-29041", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "express", "version": { "version_data": [ { "version_affected": "=", "version_value": "\u003e=4.14.0, \u003c4.19.0" }, { "version_affected": "=", "version_value": "\u003e=5.0.0-alpha.1, \u003c5.0.0-beta.3" } ] } } ] }, "vendor_name": "expressjs" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. 
When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3." } ] }, "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-601", "lang": "eng", "value": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" } ] }, { "description": [ { "cweId": "CWE-1286", "lang": "eng", "value": "CWE-1286: Improper Validation of Syntactic Correctness of Input" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", "refsource": "MISC", "url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc" }, { "name": "https://github.com/koajs/koa/issues/1800", "refsource": "MISC", "url": "https://github.com/koajs/koa/issues/1800" }, { "name": "https://github.com/expressjs/express/pull/5539", "refsource": "MISC", "url": "https://github.com/expressjs/express/pull/5539" }, { "name": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", "refsource": "MISC", "url": 
"https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd" }, { "name": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", "refsource": "MISC", "url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94" }, { "name": "https://expressjs.com/en/4x/api.html#res.location", "refsource": "MISC", "url": "https://expressjs.com/en/4x/api.html#res.location" } ] }, "source": { "advisory": "GHSA-rv95-896h-c2vc", "discovery": "UNKNOWN" } }, "nvd.nist.gov": { "cve": { "descriptions": [ { "lang": "en", "value": "Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3." }, { "lang": "es", "value": "El framework web minimalista Express.js para node. Las versiones de Express.js anteriores a 4.19.0 y todas las versiones alfa y beta preliminares de 5.0 se ven afectadas por una vulnerabilidad de redireccionamiento abierto que utiliza URL con formato incorrecto. Cuando un usuario de Express realiza una redirecci\u00f3n utilizando una URL proporcionada por el usuario, Express realiza una codificaci\u00f3n [usando `encodeurl`](https://github.com/pillarjs/encodeurl) en el contenido antes de pasarlo al encabezado `location`. 
Esto puede hacer que las URL con formato incorrecto se eval\u00faen de maneras inesperadas mediante implementaciones de listas permitidas de redireccionamiento com\u00fan en aplicaciones Express, lo que lleva a una redirecci\u00f3n abierta al omitir una lista permitida implementada correctamente. El m\u00e9todo principal afectado es `res.location()` pero tambi\u00e9n se llama desde `res.redirect()`. La vulnerabilidad se solucion\u00f3 en 4.19.2 y 5.0.0-beta.3." } ], "id": "CVE-2024-29041", "lastModified": "2024-03-26T12:55:05.010", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary" } ] }, "published": "2024-03-25T21:15:46.847", "references": [ { "source": "security-advisories@github.com", "url": "https://expressjs.com/en/4x/api.html#res.location" }, { "source": "security-advisories@github.com", "url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd" }, { "source": "security-advisories@github.com", "url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94" }, { "source": "security-advisories@github.com", "url": "https://github.com/expressjs/express/pull/5539" }, { "source": "security-advisories@github.com", "url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc" }, { "source": "security-advisories@github.com", "url": "https://github.com/koajs/koa/issues/1800" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"CWE-1286" }, { "lang": "en", "value": "CWE-601" } ], "source": "security-advisories@github.com", "type": "Secondary" } ] } } } }