Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-29180 (GCVE-0-2024-29180)
Vulnerability from cvelistv5 – Published: 2024-03-21 16:47 – Updated: 2024-08-02 14:58
VLAI
EPSS
Title
webpack-dev-middleware Path Traversal vulnerability
Summary
Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. The middleware can either work with the physical filesystem when reading the files or it can use a virtualized in-memory `memfs` filesystem. If `writeToDisk` configuration option is set to `true`, the physical filesystem is used. The `getFilenameFromUrl` method is used to parse URL and build the local file path. The public path prefix is stripped from the URL, and the `unsecaped` path suffix is appended to the `outputPath`. As the URL is not unescaped and normalized automatically before calling the midlleware, it is possible to use `%2e` and `%2f` sequences to perform path traversal attack.
Developers using `webpack-dev-server` or `webpack-dev-middleware` are affected by the issue. When the project is started, an attacker might access any file on the developer's machine and exfiltrate the content. If the development server is listening on a public IP address (or `0.0.0.0`), an attacker on the local network can access the local files without any interaction from the victim (direct connection to the port). If the server allows access from third-party domains, an attacker can send a malicious link to the victim. When visited, the client side script can connect to the local server and exfiltrate the local files. Starting with fixed versions 7.1.0, 6.1.2, and 5.3.4, the URL is unescaped and normalized before any further processing.
Severity
7.4 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://github.com/webpack/webpack-dev-middleware… | x_refsource_CONFIRM |
| https://github.com/webpack/webpack-dev-middleware… | x_refsource_MISC |
| https://github.com/webpack/webpack-dev-middleware… | x_refsource_MISC |
| https://github.com/webpack/webpack-dev-middleware… | x_refsource_MISC |
| https://github.com/webpack/webpack-dev-middleware… | x_refsource_MISC |
| https://github.com/webpack/webpack-dev-middleware… | x_refsource_MISC |
| https://github.com/webpack/webpack-dev-middleware… | x_refsource_MISC |
| https://github.com/webpack/webpack-dev-middleware… | x_refsource_MISC |
| https://github.com/webpack/webpack-dev-middleware… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| webpack | webpack-dev-middleware |
Affected:
>= 7.0.0, < 7.1.0
Affected: >= 6.0.0, < 6.1.2 Affected: < 5.3.4 |
|
| webpack.js | webpack-dev-middleware |
Affected:
0 , < 5.3.4
(custom)
Affected: 6.0.0 , < 6.1.2 (custom) Affected: 7.0.0 , < 7.1.0 (custom) cpe:2.3:a:webpack.js:webpack-dev-middleware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:54.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"
},
{
"name": "https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132"
},
{
"name": "https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353"
},
{
"name": "https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e"
},
{
"name": "https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82"
},
{
"name": "https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21"
},
{
"name": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4"
},
{
"name": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2"
},
{
"name": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:webpack.js:webpack-dev-middleware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webpack-dev-middleware",
"vendor": "webpack.js",
"versions": [
{
"lessThan": "5.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "6.1.2",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThan": "7.1.0",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29180",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T14:55:43.782623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T14:58:57.526Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "webpack-dev-middleware",
"vendor": "webpack",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.1.0"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.1.2"
},
{
"status": "affected",
"version": "\u003c 5.3.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer\u0027s machine. The middleware can either work with the physical filesystem when reading the files or it can use a virtualized in-memory `memfs` filesystem. If `writeToDisk` configuration option is set to `true`, the physical filesystem is used. The `getFilenameFromUrl` method is used to parse URL and build the local file path. The public path prefix is stripped from the URL, and the `unsecaped` path suffix is appended to the `outputPath`. As the URL is not unescaped and normalized automatically before calling the midlleware, it is possible to use `%2e` and `%2f` sequences to perform path traversal attack.\n\nDevelopers using `webpack-dev-server` or `webpack-dev-middleware` are affected by the issue. When the project is started, an attacker might access any file on the developer\u0027s machine and exfiltrate the content. If the development server is listening on a public IP address (or `0.0.0.0`), an attacker on the local network can access the local files without any interaction from the victim (direct connection to the port). If the server allows access from third-party domains, an attacker can send a malicious link to the victim. When visited, the client side script can connect to the local server and exfiltrate the local files. Starting with fixed versions 7.1.0, 6.1.2, and 5.3.4, the URL is unescaped and normalized before any further processing."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-21T16:47:53.848Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"
},
{
"name": "https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132"
},
{
"name": "https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353"
},
{
"name": "https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e"
},
{
"name": "https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82"
},
{
"name": "https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21"
},
{
"name": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4"
},
{
"name": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2"
},
{
"name": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0"
}
],
"source": {
"advisory": "GHSA-wr3j-pwj9-hqq6",
"discovery": "UNKNOWN"
},
"title": "webpack-dev-middleware Path Traversal vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-29180",
"datePublished": "2024-03-21T16:47:53.848Z",
"dateReserved": "2024-03-18T17:07:00.092Z",
"dateUpdated": "2024-08-02T14:58:57.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-29180",
"date": "2026-06-16",
"epss": "0.01199",
"percentile": "0.64054"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer\u0027s machine. The middleware can either work with the physical filesystem when reading the files or it can use a virtualized in-memory `memfs` filesystem. If `writeToDisk` configuration option is set to `true`, the physical filesystem is used. The `getFilenameFromUrl` method is used to parse URL and build the local file path. The public path prefix is stripped from the URL, and the `unsecaped` path suffix is appended to the `outputPath`. As the URL is not unescaped and normalized automatically before calling the midlleware, it is possible to use `%2e` and `%2f` sequences to perform path traversal attack.\\n\\nDevelopers using `webpack-dev-server` or `webpack-dev-middleware` are affected by the issue. When the project is started, an attacker might access any file on the developer\u0027s machine and exfiltrate the content. If the development server is listening on a public IP address (or `0.0.0.0`), an attacker on the local network can access the local files without any interaction from the victim (direct connection to the port). If the server allows access from third-party domains, an attacker can send a malicious link to the victim. When visited, the client side script can connect to the local server and exfiltrate the local files. Starting with fixed versions 7.1.0, 6.1.2, and 5.3.4, the URL is unescaped and normalized before any further processing.\"}, {\"lang\": \"es\", \"value\": \"Antes de las versiones 7.1.0, 6.1.2 y 5.3.4, el middleware de desarrollo webpack-dev-middleware para devpack no valida suficientemente la direcci\\u00f3n URL proporcionada antes de devolver el archivo local. Es posible acceder a cualquier archivo en la m\\u00e1quina del desarrollador. El middleware puede funcionar con el sistema de archivos f\\u00edsico al leer los archivos o puede usar un sistema de archivos virtualizado en memoria \\\"memfs\\\". Si la opci\\u00f3n de configuraci\\u00f3n `writeToDisk` est\\u00e1 establecida en `true`, se utiliza el sistema de archivos f\\u00edsico. El m\\u00e9todo `getFilenameFromUrl` se utiliza para analizar la URL y crear la ruta del archivo local. El prefijo de ruta p\\u00fablica se elimina de la URL y el sufijo de ruta \\\"sin separar\\\" se agrega a \\\"outputPath\\\". Como la URL no se elimina y se normaliza autom\\u00e1ticamente antes de llamar al midlleware, es posible utilizar las secuencias `%2e` y `%2f` para realizar un ataque de path traversal. Los desarrolladores que utilizan `webpack-dev-server` o `webpack-dev-middleware` se ven afectados por el problema. Cuando se inicia el proyecto, un atacante podr\\u00eda acceder a cualquier archivo en la m\\u00e1quina del desarrollador y extraer el contenido. Si el servidor de desarrollo est\\u00e1 escuchando en una direcci\\u00f3n IP p\\u00fablica (o `0.0.0.0`), un atacante en la red local puede acceder a los archivos locales sin ninguna interacci\\u00f3n por parte de la v\\u00edctima (conexi\\u00f3n directa al puerto). Si el servidor permite el acceso desde dominios de terceros, un atacante puede enviar un enlace malicioso a la v\\u00edctima. Cuando se visita, el script del lado del cliente puede conectarse al servidor local y extraer los archivos locales. A partir de las versiones corregidas 7.1.0, 6.1.2 y 5.3.4, la URL no tiene escape y se normaliza antes de cualquier procesamiento posterior.\"}]",
"id": "CVE-2024-29180",
"lastModified": "2024-11-21T09:07:44.450",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 4.0}]}",
"published": "2024-03-21T17:15:09.690",
"references": "[{\"url\": \"https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-29180\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-03-21T17:15:09.690\",\"lastModified\":\"2025-12-15T22:16:53.760\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer\u0027s machine. The middleware can either work with the physical filesystem when reading the files or it can use a virtualized in-memory `memfs` filesystem. If `writeToDisk` configuration option is set to `true`, the physical filesystem is used. The `getFilenameFromUrl` method is used to parse URL and build the local file path. The public path prefix is stripped from the URL, and the `unsecaped` path suffix is appended to the `outputPath`. As the URL is not unescaped and normalized automatically before calling the midlleware, it is possible to use `%2e` and `%2f` sequences to perform path traversal attack.\\n\\nDevelopers using `webpack-dev-server` or `webpack-dev-middleware` are affected by the issue. When the project is started, an attacker might access any file on the developer\u0027s machine and exfiltrate the content. If the development server is listening on a public IP address (or `0.0.0.0`), an attacker on the local network can access the local files without any interaction from the victim (direct connection to the port). If the server allows access from third-party domains, an attacker can send a malicious link to the victim. When visited, the client side script can connect to the local server and exfiltrate the local files. Starting with fixed versions 7.1.0, 6.1.2, and 5.3.4, the URL is unescaped and normalized before any further processing.\"},{\"lang\":\"es\",\"value\":\"Antes de las versiones 7.1.0, 6.1.2 y 5.3.4, el middleware de desarrollo webpack-dev-middleware para devpack no valida suficientemente la direcci\u00f3n URL proporcionada antes de devolver el archivo local. Es posible acceder a cualquier archivo en la m\u00e1quina del desarrollador. El middleware puede funcionar con el sistema de archivos f\u00edsico al leer los archivos o puede usar un sistema de archivos virtualizado en memoria \\\"memfs\\\". Si la opci\u00f3n de configuraci\u00f3n `writeToDisk` est\u00e1 establecida en `true`, se utiliza el sistema de archivos f\u00edsico. El m\u00e9todo `getFilenameFromUrl` se utiliza para analizar la URL y crear la ruta del archivo local. El prefijo de ruta p\u00fablica se elimina de la URL y el sufijo de ruta \\\"sin separar\\\" se agrega a \\\"outputPath\\\". Como la URL no se elimina y se normaliza autom\u00e1ticamente antes de llamar al midlleware, es posible utilizar las secuencias `%2e` y `%2f` para realizar un ataque de path traversal. Los desarrolladores que utilizan `webpack-dev-server` o `webpack-dev-middleware` se ven afectados por el problema. Cuando se inicia el proyecto, un atacante podr\u00eda acceder a cualquier archivo en la m\u00e1quina del desarrollador y extraer el contenido. Si el servidor de desarrollo est\u00e1 escuchando en una direcci\u00f3n IP p\u00fablica (o `0.0.0.0`), un atacante en la red local puede acceder a los archivos locales sin ninguna interacci\u00f3n por parte de la v\u00edctima (conexi\u00f3n directa al puerto). Si el servidor permite el acceso desde dominios de terceros, un atacante puede enviar un enlace malicioso a la v\u00edctima. Cuando se visita, el script del lado del cliente puede conectarse al servidor local y extraer los archivos locales. A partir de las versiones corregidas 7.1.0, 6.1.2 y 5.3.4, la URL no tiene escape y se normaliza antes de cualquier procesamiento posterior.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webpack.js:webpack-dev-middleware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.3.4\",\"matchCriteriaId\":\"61215ECB-1D62-49A1-9A2F-7834884E07F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webpack.js:webpack-dev-middleware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.1.2\",\"matchCriteriaId\":\"FC93037E-4963-4C16-B06D-005ACDBBA1E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webpack.js:webpack-dev-middleware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.1.0\",\"matchCriteriaId\":\"74DC8F91-4A53-4BFE-9AB5-9FCE96DC3D54\"}]}]}],\"references\":[{\"url\":\"https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6\", \"name\": \"https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132\", \"name\": \"https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353\", \"name\": \"https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e\", \"name\": \"https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82\", \"name\": \"https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21\", \"name\": \"https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4\", \"name\": \"https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2\", \"name\": \"https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0\", \"name\": \"https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T01:10:54.074Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-29180\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-02T14:55:43.782623Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:webpack.js:webpack-dev-middleware:*:*:*:*:*:*:*:*\"], \"vendor\": \"webpack.js\", \"product\": \"webpack-dev-middleware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.3.4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.0.0\", \"lessThan\": \"6.1.2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"lessThan\": \"7.1.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-02T14:58:51.117Z\"}}], \"cna\": {\"title\": \"webpack-dev-middleware Path Traversal vulnerability\", \"source\": {\"advisory\": \"GHSA-wr3j-pwj9-hqq6\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"webpack\", \"product\": \"webpack-dev-middleware\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 7.0.0, \u003c 7.1.0\"}, {\"status\": \"affected\", \"version\": \"\u003e= 6.0.0, \u003c 6.1.2\"}, {\"status\": \"affected\", \"version\": \"\u003c 5.3.4\"}]}], \"references\": [{\"url\": \"https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6\", \"name\": \"https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132\", \"name\": \"https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353\", \"name\": \"https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e\", \"name\": \"https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82\", \"name\": \"https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21\", \"name\": \"https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4\", \"name\": \"https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2\", \"name\": \"https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0\", \"name\": \"https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer\u0027s machine. The middleware can either work with the physical filesystem when reading the files or it can use a virtualized in-memory `memfs` filesystem. If `writeToDisk` configuration option is set to `true`, the physical filesystem is used. The `getFilenameFromUrl` method is used to parse URL and build the local file path. The public path prefix is stripped from the URL, and the `unsecaped` path suffix is appended to the `outputPath`. As the URL is not unescaped and normalized automatically before calling the midlleware, it is possible to use `%2e` and `%2f` sequences to perform path traversal attack.\\n\\nDevelopers using `webpack-dev-server` or `webpack-dev-middleware` are affected by the issue. When the project is started, an attacker might access any file on the developer\u0027s machine and exfiltrate the content. If the development server is listening on a public IP address (or `0.0.0.0`), an attacker on the local network can access the local files without any interaction from the victim (direct connection to the port). If the server allows access from third-party domains, an attacker can send a malicious link to the victim. When visited, the client side script can connect to the local server and exfiltrate the local files. Starting with fixed versions 7.1.0, 6.1.2, and 5.3.4, the URL is unescaped and normalized before any further processing.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-03-21T16:47:53.848Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-29180\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T14:58:57.526Z\", \"dateReserved\": \"2024-03-18T17:07:00.092Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-03-21T16:47:53.848Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2024_2816
Vulnerability from csaf_redhat - Published: 2024-05-10 19:16 - Updated: 2024-12-17 20:51Summary
Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.12.2 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat OpenShift GitOps v1.12.2 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Errata Advisory for Red Hat OpenShift GitOps v1.12.2.
Security Fix(es):
* argo-cd: webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180).
* argo-cd: API server does not enforce project sourceNamespaces (CVE-2024-31990).
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
1. Fix for a critical bug reported by customers where IgnoreDifferences Option in Sync Options was not working for array fields in ArgoCD. This fix will allow the users to ignore specific fields in the array when specified in ignoreDifferences during Sync.
2. Added support for rollouts in gitops-must-gather which will allow customers to gather data and logs about their rollout installation.
3. A fix that enables customer to add clusters hosted on GCP to ArgoCD.
4. A fix to allow users to configure Notification Context in NotificationsConfigurationCR.
5. Another fix to enable scheduling console-plugin workloads on Infra nodes.
6. A fix to resolve customer bug which will now allow the users to create ArgoCD from Developer Console.
7. An important customer fix that ensures that Argo CD correctly reports support for these host key algorithms during the handshake process, allowing the pull from Azure DevOps Repos to succeed.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.
7.4 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Argo CD. The API server does not enforce project sourceNamespaces, which can allow an attacker to use the UI to edit resources which should only be mutable via gitops.
4.8 (Medium)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
25 references
Acknowledgments
Michael Crenshaw
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift GitOps v1.12.2 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Errata Advisory for Red Hat OpenShift GitOps v1.12.2.\n\nSecurity Fix(es):\n\n* argo-cd: webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180).\n\n* argo-cd: API server does not enforce project sourceNamespaces (CVE-2024-31990).\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n1. Fix for a critical bug reported by customers where IgnoreDifferences Option in Sync Options was not working for array fields in ArgoCD. This fix will allow the users to ignore specific fields in the array when specified in ignoreDifferences during Sync.\n\n2. Added support for rollouts in gitops-must-gather which will allow customers to gather data and logs about their rollout installation.\n\n3. A fix that enables customer to add clusters hosted on GCP to ArgoCD.\n\n4. A fix to allow users to configure Notification Context in NotificationsConfigurationCR.\n\n5. Another fix to enable scheduling console-plugin workloads on Infra nodes.\n\n6. A fix to resolve customer bug which will now allow the users to create ArgoCD from Developer Console.\n\n7. An important customer fix that ensures that Argo CD correctly reports support for these host key algorithms during the handshake process, allowing the pull from Azure DevOps Repos to succeed.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2816",
"url": "https://access.redhat.com/errata/RHSA-2024:2816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.openshift.com/gitops/1.12/release_notes/gitops-release-notes.html",
"url": "https://docs.openshift.com/gitops/1.12/release_notes/gitops-release-notes.html"
},
{
"category": "external",
"summary": "https://docs.openshift.com/gitops/1.12/understanding_openshift_gitops/about-redhat-openshift-gitops.html",
"url": "https://docs.openshift.com/gitops/1.12/understanding_openshift_gitops/about-redhat-openshift-gitops.html"
},
{
"category": "external",
"summary": "2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "2275189",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275189"
},
{
"category": "external",
"summary": "GITOPS-3736",
"url": "https://issues.redhat.com/browse/GITOPS-3736"
},
{
"category": "external",
"summary": "GITOPS-3947",
"url": "https://issues.redhat.com/browse/GITOPS-3947"
},
{
"category": "external",
"summary": "GITOPS-4226",
"url": "https://issues.redhat.com/browse/GITOPS-4226"
},
{
"category": "external",
"summary": "GITOPS-4303",
"url": "https://issues.redhat.com/browse/GITOPS-4303"
},
{
"category": "external",
"summary": "GITOPS-4358",
"url": "https://issues.redhat.com/browse/GITOPS-4358"
},
{
"category": "external",
"summary": "GITOPS-4496",
"url": "https://issues.redhat.com/browse/GITOPS-4496"
},
{
"category": "external",
"summary": "GITOPS-4513",
"url": "https://issues.redhat.com/browse/GITOPS-4513"
},
{
"category": "external",
"summary": "GITOPS-4543",
"url": "https://issues.redhat.com/browse/GITOPS-4543"
},
{
"category": "external",
"summary": "GITOPS-4645",
"url": "https://issues.redhat.com/browse/GITOPS-4645"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2816.json"
}
],
"title": "Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.12.2 security update",
"tracking": {
"current_release_date": "2024-12-17T20:51:54+00:00",
"generator": {
"date": "2024-12-17T20:51:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:2816",
"initial_release_date": "2024-05-10T19:16:32+00:00",
"revision_history": [
{
"date": "2024-05-10T19:16:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-10T19:16:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T20:51:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.12",
"product": {
"name": "Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.12.2-1"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"product": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.12.2-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.12.2-1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.12.2-1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64"
},
"product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-29180",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270863"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webpack-dev-middleware: lack of URL validation may lead to file leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29180"
},
{
"category": "external",
"summary": "RHBZ#2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6",
"url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"
}
],
"release_date": "2024-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-10T19:16:32+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2816"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webpack-dev-middleware: lack of URL validation may lead to file leak"
},
{
"acknowledgments": [
{
"names": [
"Michael Crenshaw"
]
}
],
"cve": "CVE-2024-31990",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2024-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2275189"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Argo CD. The API server does not enforce project sourceNamespaces, which can allow an attacker to use the UI to edit resources which should only be mutable via gitops.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "argo-cd: API server does not enforce project sourceNamespaces",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-31990"
},
{
"category": "external",
"summary": "RHBZ#2275189",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275189"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-31990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-31990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31990"
}
],
"release_date": "2024-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-10T19:16:32+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2816"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "argo-cd: API server does not enforce project sourceNamespaces"
}
]
}
RHSA-2024_2817
Vulnerability from csaf_redhat - Published: 2024-05-10 19:36 - Updated: 2024-12-17 20:52Summary
Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.10.5 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat OpenShift GitOps v1.10.5 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Errata Advisory for Red Hat OpenShift GitOps v1.10.5.
Security Fix(es):
* argo-cd: webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180).
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
1. Fix for a critical bug reported by customers where IgnoreDifferences Option
in Sync Options was not working for array fields in ArgoCD. This fix will allow the users to ignore specific fields in the array when specified in
ignoreDifferences during Sync.
2. A fix that enables customer to add clusters hosted on GCP to ArgoCD.
3. An important customer fix that ensures that Argo CD correctly reports support for these host key algorithms during the handshake process, allowing the pull from Azure DevOps Repos to succeed.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.
7.4 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:141bc9dec57c4c07ba209755e1b43fb99e2afc195f3430842b275b4c4dfcc5f5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:167a4ec509a83696d014c258d640956c733038ae4a711824e4fdd8b004ba7964_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:53a9bf3139c8915efcf58e72193b652923167d38df5a61d5d5fbafb61b3fab0e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:db225a8e1d83c11bad04f0aae82cd07013cc8902b5af0394d8be8bca1242ae25_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:6b85a3fc1e590ab008fdb2db4647c3eccf4540eb452c64b4ebd6a61647cbc5b8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:91476c66096af76505cfc23d46fbcf2478a7417f86d0dedd59e7091088bcf9ef_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:babc6209cd7b170a073cb38d172de4830f8fef038fef17e10044eb41f02cbaa2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d4584964c9659370dac81298abb68f7b5c1eef49ad1a18c7996cd6cdac16926e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:b8a1bb95b79659d5ff896734be4f28bc64c2d61560c473a4a0f1c14b1e18efe5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:ba13922849da5fcd6a790bee2a8a39270b56ef399d2abbb7663eb698b15993c6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:cf1e480c838479f8137537ab68ae818d219c40e58008a03214b0e5b6a3046730_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:f01f628665e7a1d3ecca7fe2f86a461fe100d8892c1e6ad848cc63c793585d0f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:416353d665f078404aeb21c19099f342157e01eab321e50ff052565e036f9b0e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:c3fcaa38e7883f3573628c1d99bd1cdd0fcb19061371009ab118902269bbf7b3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:fce845415ec7aad46d57b63fa2ff57d03a902bfde4821ad74b20bfe20d41e389_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:fdb439b295b3903f9f2341929a545366ebb35e38bdb5f609f31678b0edff357e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:ed2a8efb4fc40d2d6a09ceecaa0f16d6bea139e2d7afae6ba85dbae356daf59b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:365cd33870134af2c4f2413797cf32d3bc0643e93581e9e7b4eede391d4a20e5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:630b22b7518a2355492d98f7ac5c05610c981f706f707f1bb82c2ad5c0493640_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:957b420874020d5db2a4d4cdfdab41cda7853695cd29494cba78712d01f43cc5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:f4fed927355e4b6b53448194e5325b209738fc9ba990d02db4cb75653a878113_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:95f09ae4939c63ce698ac4a8b2b4275ebf2c304f3364bfc365c323aafbdd6206_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b6c20bfad0e77414638d912d7cae7ff54ce0be30030fa9ba6f13448966c56294_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:ead329586aa61f94bf8c8a0efb676e8a695fceef5fcacdc568a4a466b492ec5e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:f658538471aca8330a9d368f2cd3444416dca9a73e3cfb53b735da6463dcf337_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2c8c4d322736fe778a348e1dcd98f8f580b7f98ea42a651ad8b88c0d63f1b38d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:523a76e2f894264701c5e4c02c70b187abb5b3f58136b91bcafbbae3b48eca84_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:76e7ce8466895cfc12f4f6a024f54674006eaa92b05534685f04089e13eb1364_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:c01d39107b2d2449f86ce893c97e790ea6acfa37e69f7d3b70a795ceacec12b6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:0e76f7330665dc4a4ba52cb6be28f29cb24ed926c583540b721a03bedeb06a6d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:27f63d236f04cc0611fd81168d42e81903eb53671c122dd902b2d3e41f6952bf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:2f61991fbda425d6357195149a4ea8b939a2e6d11e9f15e104c86745d21bd22d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:decbecdee5ec0f3a4aaf86a95226d6bf24e2d39cf077048465365e54e613b2d3_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift GitOps v1.10.5 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Errata Advisory for Red Hat OpenShift GitOps v1.10.5.\n\nSecurity Fix(es):\n\n* argo-cd: webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180).\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n1. Fix for a critical bug reported by customers where IgnoreDifferences Option\nin Sync Options was not working for array fields in ArgoCD. This fix will allow the users to ignore specific fields in the array when specified in\nignoreDifferences during Sync.\n\n2. A fix that enables customer to add clusters hosted on GCP to ArgoCD.\n\n3. An important customer fix that ensures that Argo CD correctly reports support for these host key algorithms during the handshake process, allowing the pull from Azure DevOps Repos to succeed.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2817",
"url": "https://access.redhat.com/errata/RHSA-2024:2817"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.openshift.com/gitops/1.10/release_notes/gitops-release-notes.html",
"url": "https://docs.openshift.com/gitops/1.10/release_notes/gitops-release-notes.html"
},
{
"category": "external",
"summary": "https://docs.openshift.com/gitops/1.10/understanding_openshift_gitops/about-redhat-openshift-gitops.html",
"url": "https://docs.openshift.com/gitops/1.10/understanding_openshift_gitops/about-redhat-openshift-gitops.html"
},
{
"category": "external",
"summary": "2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "GITOPS-4226",
"url": "https://issues.redhat.com/browse/GITOPS-4226"
},
{
"category": "external",
"summary": "GITOPS-4513",
"url": "https://issues.redhat.com/browse/GITOPS-4513"
},
{
"category": "external",
"summary": "GITOPS-4543",
"url": "https://issues.redhat.com/browse/GITOPS-4543"
},
{
"category": "external",
"summary": "GITOPS-4645",
"url": "https://issues.redhat.com/browse/GITOPS-4645"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2817.json"
}
],
"title": "Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.10.5 security update",
"tracking": {
"current_release_date": "2024-12-17T20:52:41+00:00",
"generator": {
"date": "2024-12-17T20:52:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:2817",
"initial_release_date": "2024-05-10T19:36:39+00:00",
"revision_history": [
{
"date": "2024-05-10T19:36:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-10T19:36:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T20:52:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.10",
"product": {
"name": "Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:d4584964c9659370dac81298abb68f7b5c1eef49ad1a18c7996cd6cdac16926e_arm64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:d4584964c9659370dac81298abb68f7b5c1eef49ad1a18c7996cd6cdac16926e_arm64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:d4584964c9659370dac81298abb68f7b5c1eef49ad1a18c7996cd6cdac16926e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:d4584964c9659370dac81298abb68f7b5c1eef49ad1a18c7996cd6cdac16926e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:db225a8e1d83c11bad04f0aae82cd07013cc8902b5af0394d8be8bca1242ae25_arm64",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:db225a8e1d83c11bad04f0aae82cd07013cc8902b5af0394d8be8bca1242ae25_arm64",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:db225a8e1d83c11bad04f0aae82cd07013cc8902b5af0394d8be8bca1242ae25_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:db225a8e1d83c11bad04f0aae82cd07013cc8902b5af0394d8be8bca1242ae25?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:cf1e480c838479f8137537ab68ae818d219c40e58008a03214b0e5b6a3046730_arm64",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:cf1e480c838479f8137537ab68ae818d219c40e58008a03214b0e5b6a3046730_arm64",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:cf1e480c838479f8137537ab68ae818d219c40e58008a03214b0e5b6a3046730_arm64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:cf1e480c838479f8137537ab68ae818d219c40e58008a03214b0e5b6a3046730?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:95f09ae4939c63ce698ac4a8b2b4275ebf2c304f3364bfc365c323aafbdd6206_arm64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:95f09ae4939c63ce698ac4a8b2b4275ebf2c304f3364bfc365c323aafbdd6206_arm64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:95f09ae4939c63ce698ac4a8b2b4275ebf2c304f3364bfc365c323aafbdd6206_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:95f09ae4939c63ce698ac4a8b2b4275ebf2c304f3364bfc365c323aafbdd6206?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:fdb439b295b3903f9f2341929a545366ebb35e38bdb5f609f31678b0edff357e_arm64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:fdb439b295b3903f9f2341929a545366ebb35e38bdb5f609f31678b0edff357e_arm64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:fdb439b295b3903f9f2341929a545366ebb35e38bdb5f609f31678b0edff357e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:fdb439b295b3903f9f2341929a545366ebb35e38bdb5f609f31678b0edff357e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:2c8c4d322736fe778a348e1dcd98f8f580b7f98ea42a651ad8b88c0d63f1b38d_arm64",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:2c8c4d322736fe778a348e1dcd98f8f580b7f98ea42a651ad8b88c0d63f1b38d_arm64",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:2c8c4d322736fe778a348e1dcd98f8f580b7f98ea42a651ad8b88c0d63f1b38d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:2c8c4d322736fe778a348e1dcd98f8f580b7f98ea42a651ad8b88c0d63f1b38d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:decbecdee5ec0f3a4aaf86a95226d6bf24e2d39cf077048465365e54e613b2d3_arm64",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:decbecdee5ec0f3a4aaf86a95226d6bf24e2d39cf077048465365e54e613b2d3_arm64",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:decbecdee5ec0f3a4aaf86a95226d6bf24e2d39cf077048465365e54e613b2d3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:decbecdee5ec0f3a4aaf86a95226d6bf24e2d39cf077048465365e54e613b2d3?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:365cd33870134af2c4f2413797cf32d3bc0643e93581e9e7b4eede391d4a20e5_arm64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:365cd33870134af2c4f2413797cf32d3bc0643e93581e9e7b4eede391d4a20e5_arm64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:365cd33870134af2c4f2413797cf32d3bc0643e93581e9e7b4eede391d4a20e5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:365cd33870134af2c4f2413797cf32d3bc0643e93581e9e7b4eede391d4a20e5?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.10.5-6"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:91476c66096af76505cfc23d46fbcf2478a7417f86d0dedd59e7091088bcf9ef_ppc64le",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:91476c66096af76505cfc23d46fbcf2478a7417f86d0dedd59e7091088bcf9ef_ppc64le",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:91476c66096af76505cfc23d46fbcf2478a7417f86d0dedd59e7091088bcf9ef_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:91476c66096af76505cfc23d46fbcf2478a7417f86d0dedd59e7091088bcf9ef?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:53a9bf3139c8915efcf58e72193b652923167d38df5a61d5d5fbafb61b3fab0e_ppc64le",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:53a9bf3139c8915efcf58e72193b652923167d38df5a61d5d5fbafb61b3fab0e_ppc64le",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:53a9bf3139c8915efcf58e72193b652923167d38df5a61d5d5fbafb61b3fab0e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:53a9bf3139c8915efcf58e72193b652923167d38df5a61d5d5fbafb61b3fab0e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:b8a1bb95b79659d5ff896734be4f28bc64c2d61560c473a4a0f1c14b1e18efe5_ppc64le",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:b8a1bb95b79659d5ff896734be4f28bc64c2d61560c473a4a0f1c14b1e18efe5_ppc64le",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:b8a1bb95b79659d5ff896734be4f28bc64c2d61560c473a4a0f1c14b1e18efe5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:b8a1bb95b79659d5ff896734be4f28bc64c2d61560c473a4a0f1c14b1e18efe5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:b6c20bfad0e77414638d912d7cae7ff54ce0be30030fa9ba6f13448966c56294_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:b6c20bfad0e77414638d912d7cae7ff54ce0be30030fa9ba6f13448966c56294_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:b6c20bfad0e77414638d912d7cae7ff54ce0be30030fa9ba6f13448966c56294_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:b6c20bfad0e77414638d912d7cae7ff54ce0be30030fa9ba6f13448966c56294?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:c3fcaa38e7883f3573628c1d99bd1cdd0fcb19061371009ab118902269bbf7b3_ppc64le",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:c3fcaa38e7883f3573628c1d99bd1cdd0fcb19061371009ab118902269bbf7b3_ppc64le",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:c3fcaa38e7883f3573628c1d99bd1cdd0fcb19061371009ab118902269bbf7b3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:c3fcaa38e7883f3573628c1d99bd1cdd0fcb19061371009ab118902269bbf7b3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:76e7ce8466895cfc12f4f6a024f54674006eaa92b05534685f04089e13eb1364_ppc64le",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:76e7ce8466895cfc12f4f6a024f54674006eaa92b05534685f04089e13eb1364_ppc64le",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:76e7ce8466895cfc12f4f6a024f54674006eaa92b05534685f04089e13eb1364_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:76e7ce8466895cfc12f4f6a024f54674006eaa92b05534685f04089e13eb1364?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:27f63d236f04cc0611fd81168d42e81903eb53671c122dd902b2d3e41f6952bf_ppc64le",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:27f63d236f04cc0611fd81168d42e81903eb53671c122dd902b2d3e41f6952bf_ppc64le",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:27f63d236f04cc0611fd81168d42e81903eb53671c122dd902b2d3e41f6952bf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:27f63d236f04cc0611fd81168d42e81903eb53671c122dd902b2d3e41f6952bf?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:630b22b7518a2355492d98f7ac5c05610c981f706f707f1bb82c2ad5c0493640_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:630b22b7518a2355492d98f7ac5c05610c981f706f707f1bb82c2ad5c0493640_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:630b22b7518a2355492d98f7ac5c05610c981f706f707f1bb82c2ad5c0493640_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:630b22b7518a2355492d98f7ac5c05610c981f706f707f1bb82c2ad5c0493640?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.10.5-6"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:babc6209cd7b170a073cb38d172de4830f8fef038fef17e10044eb41f02cbaa2_amd64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:babc6209cd7b170a073cb38d172de4830f8fef038fef17e10044eb41f02cbaa2_amd64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:babc6209cd7b170a073cb38d172de4830f8fef038fef17e10044eb41f02cbaa2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:babc6209cd7b170a073cb38d172de4830f8fef038fef17e10044eb41f02cbaa2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:167a4ec509a83696d014c258d640956c733038ae4a711824e4fdd8b004ba7964_amd64",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:167a4ec509a83696d014c258d640956c733038ae4a711824e4fdd8b004ba7964_amd64",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:167a4ec509a83696d014c258d640956c733038ae4a711824e4fdd8b004ba7964_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:167a4ec509a83696d014c258d640956c733038ae4a711824e4fdd8b004ba7964?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:ba13922849da5fcd6a790bee2a8a39270b56ef399d2abbb7663eb698b15993c6_amd64",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:ba13922849da5fcd6a790bee2a8a39270b56ef399d2abbb7663eb698b15993c6_amd64",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:ba13922849da5fcd6a790bee2a8a39270b56ef399d2abbb7663eb698b15993c6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:ba13922849da5fcd6a790bee2a8a39270b56ef399d2abbb7663eb698b15993c6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:f658538471aca8330a9d368f2cd3444416dca9a73e3cfb53b735da6463dcf337_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:f658538471aca8330a9d368f2cd3444416dca9a73e3cfb53b735da6463dcf337_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:f658538471aca8330a9d368f2cd3444416dca9a73e3cfb53b735da6463dcf337_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:f658538471aca8330a9d368f2cd3444416dca9a73e3cfb53b735da6463dcf337?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:416353d665f078404aeb21c19099f342157e01eab321e50ff052565e036f9b0e_amd64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:416353d665f078404aeb21c19099f342157e01eab321e50ff052565e036f9b0e_amd64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:416353d665f078404aeb21c19099f342157e01eab321e50ff052565e036f9b0e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:416353d665f078404aeb21c19099f342157e01eab321e50ff052565e036f9b0e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:c01d39107b2d2449f86ce893c97e790ea6acfa37e69f7d3b70a795ceacec12b6_amd64",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:c01d39107b2d2449f86ce893c97e790ea6acfa37e69f7d3b70a795ceacec12b6_amd64",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:c01d39107b2d2449f86ce893c97e790ea6acfa37e69f7d3b70a795ceacec12b6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:c01d39107b2d2449f86ce893c97e790ea6acfa37e69f7d3b70a795ceacec12b6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:2f61991fbda425d6357195149a4ea8b939a2e6d11e9f15e104c86745d21bd22d_amd64",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:2f61991fbda425d6357195149a4ea8b939a2e6d11e9f15e104c86745d21bd22d_amd64",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:2f61991fbda425d6357195149a4ea8b939a2e6d11e9f15e104c86745d21bd22d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:2f61991fbda425d6357195149a4ea8b939a2e6d11e9f15e104c86745d21bd22d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:ed2a8efb4fc40d2d6a09ceecaa0f16d6bea139e2d7afae6ba85dbae356daf59b_amd64",
"product": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:ed2a8efb4fc40d2d6a09ceecaa0f16d6bea139e2d7afae6ba85dbae356daf59b_amd64",
"product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:ed2a8efb4fc40d2d6a09ceecaa0f16d6bea139e2d7afae6ba85dbae356daf59b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-operator-bundle@sha256:ed2a8efb4fc40d2d6a09ceecaa0f16d6bea139e2d7afae6ba85dbae356daf59b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:f4fed927355e4b6b53448194e5325b209738fc9ba990d02db4cb75653a878113_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:f4fed927355e4b6b53448194e5325b209738fc9ba990d02db4cb75653a878113_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:f4fed927355e4b6b53448194e5325b209738fc9ba990d02db4cb75653a878113_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:f4fed927355e4b6b53448194e5325b209738fc9ba990d02db4cb75653a878113?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.10.5-6"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:6b85a3fc1e590ab008fdb2db4647c3eccf4540eb452c64b4ebd6a61647cbc5b8_s390x",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:6b85a3fc1e590ab008fdb2db4647c3eccf4540eb452c64b4ebd6a61647cbc5b8_s390x",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:6b85a3fc1e590ab008fdb2db4647c3eccf4540eb452c64b4ebd6a61647cbc5b8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:6b85a3fc1e590ab008fdb2db4647c3eccf4540eb452c64b4ebd6a61647cbc5b8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:141bc9dec57c4c07ba209755e1b43fb99e2afc195f3430842b275b4c4dfcc5f5_s390x",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:141bc9dec57c4c07ba209755e1b43fb99e2afc195f3430842b275b4c4dfcc5f5_s390x",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:141bc9dec57c4c07ba209755e1b43fb99e2afc195f3430842b275b4c4dfcc5f5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:141bc9dec57c4c07ba209755e1b43fb99e2afc195f3430842b275b4c4dfcc5f5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:f01f628665e7a1d3ecca7fe2f86a461fe100d8892c1e6ad848cc63c793585d0f_s390x",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:f01f628665e7a1d3ecca7fe2f86a461fe100d8892c1e6ad848cc63c793585d0f_s390x",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:f01f628665e7a1d3ecca7fe2f86a461fe100d8892c1e6ad848cc63c793585d0f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:f01f628665e7a1d3ecca7fe2f86a461fe100d8892c1e6ad848cc63c793585d0f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:ead329586aa61f94bf8c8a0efb676e8a695fceef5fcacdc568a4a466b492ec5e_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:ead329586aa61f94bf8c8a0efb676e8a695fceef5fcacdc568a4a466b492ec5e_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:ead329586aa61f94bf8c8a0efb676e8a695fceef5fcacdc568a4a466b492ec5e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:ead329586aa61f94bf8c8a0efb676e8a695fceef5fcacdc568a4a466b492ec5e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:fce845415ec7aad46d57b63fa2ff57d03a902bfde4821ad74b20bfe20d41e389_s390x",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:fce845415ec7aad46d57b63fa2ff57d03a902bfde4821ad74b20bfe20d41e389_s390x",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:fce845415ec7aad46d57b63fa2ff57d03a902bfde4821ad74b20bfe20d41e389_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:fce845415ec7aad46d57b63fa2ff57d03a902bfde4821ad74b20bfe20d41e389?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:523a76e2f894264701c5e4c02c70b187abb5b3f58136b91bcafbbae3b48eca84_s390x",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:523a76e2f894264701c5e4c02c70b187abb5b3f58136b91bcafbbae3b48eca84_s390x",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:523a76e2f894264701c5e4c02c70b187abb5b3f58136b91bcafbbae3b48eca84_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:523a76e2f894264701c5e4c02c70b187abb5b3f58136b91bcafbbae3b48eca84?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:0e76f7330665dc4a4ba52cb6be28f29cb24ed926c583540b721a03bedeb06a6d_s390x",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:0e76f7330665dc4a4ba52cb6be28f29cb24ed926c583540b721a03bedeb06a6d_s390x",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:0e76f7330665dc4a4ba52cb6be28f29cb24ed926c583540b721a03bedeb06a6d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:0e76f7330665dc4a4ba52cb6be28f29cb24ed926c583540b721a03bedeb06a6d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.10.5-6"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:957b420874020d5db2a4d4cdfdab41cda7853695cd29494cba78712d01f43cc5_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:957b420874020d5db2a4d4cdfdab41cda7853695cd29494cba78712d01f43cc5_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:957b420874020d5db2a4d4cdfdab41cda7853695cd29494cba78712d01f43cc5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:957b420874020d5db2a4d4cdfdab41cda7853695cd29494cba78712d01f43cc5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.10.5-6"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:141bc9dec57c4c07ba209755e1b43fb99e2afc195f3430842b275b4c4dfcc5f5_s390x as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:141bc9dec57c4c07ba209755e1b43fb99e2afc195f3430842b275b4c4dfcc5f5_s390x"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:141bc9dec57c4c07ba209755e1b43fb99e2afc195f3430842b275b4c4dfcc5f5_s390x",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:167a4ec509a83696d014c258d640956c733038ae4a711824e4fdd8b004ba7964_amd64 as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:167a4ec509a83696d014c258d640956c733038ae4a711824e4fdd8b004ba7964_amd64"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:167a4ec509a83696d014c258d640956c733038ae4a711824e4fdd8b004ba7964_amd64",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:53a9bf3139c8915efcf58e72193b652923167d38df5a61d5d5fbafb61b3fab0e_ppc64le as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:53a9bf3139c8915efcf58e72193b652923167d38df5a61d5d5fbafb61b3fab0e_ppc64le"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:53a9bf3139c8915efcf58e72193b652923167d38df5a61d5d5fbafb61b3fab0e_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:db225a8e1d83c11bad04f0aae82cd07013cc8902b5af0394d8be8bca1242ae25_arm64 as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:db225a8e1d83c11bad04f0aae82cd07013cc8902b5af0394d8be8bca1242ae25_arm64"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:db225a8e1d83c11bad04f0aae82cd07013cc8902b5af0394d8be8bca1242ae25_arm64",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:6b85a3fc1e590ab008fdb2db4647c3eccf4540eb452c64b4ebd6a61647cbc5b8_s390x as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:6b85a3fc1e590ab008fdb2db4647c3eccf4540eb452c64b4ebd6a61647cbc5b8_s390x"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:6b85a3fc1e590ab008fdb2db4647c3eccf4540eb452c64b4ebd6a61647cbc5b8_s390x",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:91476c66096af76505cfc23d46fbcf2478a7417f86d0dedd59e7091088bcf9ef_ppc64le as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:91476c66096af76505cfc23d46fbcf2478a7417f86d0dedd59e7091088bcf9ef_ppc64le"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:91476c66096af76505cfc23d46fbcf2478a7417f86d0dedd59e7091088bcf9ef_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:babc6209cd7b170a073cb38d172de4830f8fef038fef17e10044eb41f02cbaa2_amd64 as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:babc6209cd7b170a073cb38d172de4830f8fef038fef17e10044eb41f02cbaa2_amd64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:babc6209cd7b170a073cb38d172de4830f8fef038fef17e10044eb41f02cbaa2_amd64",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:d4584964c9659370dac81298abb68f7b5c1eef49ad1a18c7996cd6cdac16926e_arm64 as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d4584964c9659370dac81298abb68f7b5c1eef49ad1a18c7996cd6cdac16926e_arm64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:d4584964c9659370dac81298abb68f7b5c1eef49ad1a18c7996cd6cdac16926e_arm64",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:b8a1bb95b79659d5ff896734be4f28bc64c2d61560c473a4a0f1c14b1e18efe5_ppc64le as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:b8a1bb95b79659d5ff896734be4f28bc64c2d61560c473a4a0f1c14b1e18efe5_ppc64le"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:b8a1bb95b79659d5ff896734be4f28bc64c2d61560c473a4a0f1c14b1e18efe5_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:ba13922849da5fcd6a790bee2a8a39270b56ef399d2abbb7663eb698b15993c6_amd64 as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:ba13922849da5fcd6a790bee2a8a39270b56ef399d2abbb7663eb698b15993c6_amd64"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:ba13922849da5fcd6a790bee2a8a39270b56ef399d2abbb7663eb698b15993c6_amd64",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:cf1e480c838479f8137537ab68ae818d219c40e58008a03214b0e5b6a3046730_arm64 as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:cf1e480c838479f8137537ab68ae818d219c40e58008a03214b0e5b6a3046730_arm64"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:cf1e480c838479f8137537ab68ae818d219c40e58008a03214b0e5b6a3046730_arm64",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:f01f628665e7a1d3ecca7fe2f86a461fe100d8892c1e6ad848cc63c793585d0f_s390x as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:f01f628665e7a1d3ecca7fe2f86a461fe100d8892c1e6ad848cc63c793585d0f_s390x"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:f01f628665e7a1d3ecca7fe2f86a461fe100d8892c1e6ad848cc63c793585d0f_s390x",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:416353d665f078404aeb21c19099f342157e01eab321e50ff052565e036f9b0e_amd64 as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:416353d665f078404aeb21c19099f342157e01eab321e50ff052565e036f9b0e_amd64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:416353d665f078404aeb21c19099f342157e01eab321e50ff052565e036f9b0e_amd64",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:c3fcaa38e7883f3573628c1d99bd1cdd0fcb19061371009ab118902269bbf7b3_ppc64le as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:c3fcaa38e7883f3573628c1d99bd1cdd0fcb19061371009ab118902269bbf7b3_ppc64le"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:c3fcaa38e7883f3573628c1d99bd1cdd0fcb19061371009ab118902269bbf7b3_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:fce845415ec7aad46d57b63fa2ff57d03a902bfde4821ad74b20bfe20d41e389_s390x as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:fce845415ec7aad46d57b63fa2ff57d03a902bfde4821ad74b20bfe20d41e389_s390x"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:fce845415ec7aad46d57b63fa2ff57d03a902bfde4821ad74b20bfe20d41e389_s390x",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:fdb439b295b3903f9f2341929a545366ebb35e38bdb5f609f31678b0edff357e_arm64 as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:fdb439b295b3903f9f2341929a545366ebb35e38bdb5f609f31678b0edff357e_arm64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:fdb439b295b3903f9f2341929a545366ebb35e38bdb5f609f31678b0edff357e_arm64",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:ed2a8efb4fc40d2d6a09ceecaa0f16d6bea139e2d7afae6ba85dbae356daf59b_amd64 as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:ed2a8efb4fc40d2d6a09ceecaa0f16d6bea139e2d7afae6ba85dbae356daf59b_amd64"
},
"product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:ed2a8efb4fc40d2d6a09ceecaa0f16d6bea139e2d7afae6ba85dbae356daf59b_amd64",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:365cd33870134af2c4f2413797cf32d3bc0643e93581e9e7b4eede391d4a20e5_arm64 as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:365cd33870134af2c4f2413797cf32d3bc0643e93581e9e7b4eede391d4a20e5_arm64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:365cd33870134af2c4f2413797cf32d3bc0643e93581e9e7b4eede391d4a20e5_arm64",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:630b22b7518a2355492d98f7ac5c05610c981f706f707f1bb82c2ad5c0493640_ppc64le as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:630b22b7518a2355492d98f7ac5c05610c981f706f707f1bb82c2ad5c0493640_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:630b22b7518a2355492d98f7ac5c05610c981f706f707f1bb82c2ad5c0493640_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:957b420874020d5db2a4d4cdfdab41cda7853695cd29494cba78712d01f43cc5_s390x as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:957b420874020d5db2a4d4cdfdab41cda7853695cd29494cba78712d01f43cc5_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:957b420874020d5db2a4d4cdfdab41cda7853695cd29494cba78712d01f43cc5_s390x",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:f4fed927355e4b6b53448194e5325b209738fc9ba990d02db4cb75653a878113_amd64 as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:f4fed927355e4b6b53448194e5325b209738fc9ba990d02db4cb75653a878113_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:f4fed927355e4b6b53448194e5325b209738fc9ba990d02db4cb75653a878113_amd64",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:95f09ae4939c63ce698ac4a8b2b4275ebf2c304f3364bfc365c323aafbdd6206_arm64 as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:95f09ae4939c63ce698ac4a8b2b4275ebf2c304f3364bfc365c323aafbdd6206_arm64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:95f09ae4939c63ce698ac4a8b2b4275ebf2c304f3364bfc365c323aafbdd6206_arm64",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:b6c20bfad0e77414638d912d7cae7ff54ce0be30030fa9ba6f13448966c56294_ppc64le as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b6c20bfad0e77414638d912d7cae7ff54ce0be30030fa9ba6f13448966c56294_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:b6c20bfad0e77414638d912d7cae7ff54ce0be30030fa9ba6f13448966c56294_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:ead329586aa61f94bf8c8a0efb676e8a695fceef5fcacdc568a4a466b492ec5e_s390x as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:ead329586aa61f94bf8c8a0efb676e8a695fceef5fcacdc568a4a466b492ec5e_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:ead329586aa61f94bf8c8a0efb676e8a695fceef5fcacdc568a4a466b492ec5e_s390x",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:f658538471aca8330a9d368f2cd3444416dca9a73e3cfb53b735da6463dcf337_amd64 as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:f658538471aca8330a9d368f2cd3444416dca9a73e3cfb53b735da6463dcf337_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:f658538471aca8330a9d368f2cd3444416dca9a73e3cfb53b735da6463dcf337_amd64",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:2c8c4d322736fe778a348e1dcd98f8f580b7f98ea42a651ad8b88c0d63f1b38d_arm64 as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2c8c4d322736fe778a348e1dcd98f8f580b7f98ea42a651ad8b88c0d63f1b38d_arm64"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:2c8c4d322736fe778a348e1dcd98f8f580b7f98ea42a651ad8b88c0d63f1b38d_arm64",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:523a76e2f894264701c5e4c02c70b187abb5b3f58136b91bcafbbae3b48eca84_s390x as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:523a76e2f894264701c5e4c02c70b187abb5b3f58136b91bcafbbae3b48eca84_s390x"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:523a76e2f894264701c5e4c02c70b187abb5b3f58136b91bcafbbae3b48eca84_s390x",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:76e7ce8466895cfc12f4f6a024f54674006eaa92b05534685f04089e13eb1364_ppc64le as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:76e7ce8466895cfc12f4f6a024f54674006eaa92b05534685f04089e13eb1364_ppc64le"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:76e7ce8466895cfc12f4f6a024f54674006eaa92b05534685f04089e13eb1364_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:c01d39107b2d2449f86ce893c97e790ea6acfa37e69f7d3b70a795ceacec12b6_amd64 as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:c01d39107b2d2449f86ce893c97e790ea6acfa37e69f7d3b70a795ceacec12b6_amd64"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:c01d39107b2d2449f86ce893c97e790ea6acfa37e69f7d3b70a795ceacec12b6_amd64",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:0e76f7330665dc4a4ba52cb6be28f29cb24ed926c583540b721a03bedeb06a6d_s390x as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:0e76f7330665dc4a4ba52cb6be28f29cb24ed926c583540b721a03bedeb06a6d_s390x"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:0e76f7330665dc4a4ba52cb6be28f29cb24ed926c583540b721a03bedeb06a6d_s390x",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:27f63d236f04cc0611fd81168d42e81903eb53671c122dd902b2d3e41f6952bf_ppc64le as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:27f63d236f04cc0611fd81168d42e81903eb53671c122dd902b2d3e41f6952bf_ppc64le"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:27f63d236f04cc0611fd81168d42e81903eb53671c122dd902b2d3e41f6952bf_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:2f61991fbda425d6357195149a4ea8b939a2e6d11e9f15e104c86745d21bd22d_amd64 as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:2f61991fbda425d6357195149a4ea8b939a2e6d11e9f15e104c86745d21bd22d_amd64"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:2f61991fbda425d6357195149a4ea8b939a2e6d11e9f15e104c86745d21bd22d_amd64",
"relates_to_product_reference": "8Base-GitOps-1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:decbecdee5ec0f3a4aaf86a95226d6bf24e2d39cf077048465365e54e613b2d3_arm64 as a component of Red Hat OpenShift GitOps 1.10",
"product_id": "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:decbecdee5ec0f3a4aaf86a95226d6bf24e2d39cf077048465365e54e613b2d3_arm64"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:decbecdee5ec0f3a4aaf86a95226d6bf24e2d39cf077048465365e54e613b2d3_arm64",
"relates_to_product_reference": "8Base-GitOps-1.10"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-29180",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270863"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webpack-dev-middleware: lack of URL validation may lead to file leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:141bc9dec57c4c07ba209755e1b43fb99e2afc195f3430842b275b4c4dfcc5f5_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:167a4ec509a83696d014c258d640956c733038ae4a711824e4fdd8b004ba7964_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:53a9bf3139c8915efcf58e72193b652923167d38df5a61d5d5fbafb61b3fab0e_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:db225a8e1d83c11bad04f0aae82cd07013cc8902b5af0394d8be8bca1242ae25_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:6b85a3fc1e590ab008fdb2db4647c3eccf4540eb452c64b4ebd6a61647cbc5b8_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:91476c66096af76505cfc23d46fbcf2478a7417f86d0dedd59e7091088bcf9ef_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:babc6209cd7b170a073cb38d172de4830f8fef038fef17e10044eb41f02cbaa2_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d4584964c9659370dac81298abb68f7b5c1eef49ad1a18c7996cd6cdac16926e_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:b8a1bb95b79659d5ff896734be4f28bc64c2d61560c473a4a0f1c14b1e18efe5_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:ba13922849da5fcd6a790bee2a8a39270b56ef399d2abbb7663eb698b15993c6_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:cf1e480c838479f8137537ab68ae818d219c40e58008a03214b0e5b6a3046730_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:f01f628665e7a1d3ecca7fe2f86a461fe100d8892c1e6ad848cc63c793585d0f_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:416353d665f078404aeb21c19099f342157e01eab321e50ff052565e036f9b0e_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:c3fcaa38e7883f3573628c1d99bd1cdd0fcb19061371009ab118902269bbf7b3_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:fce845415ec7aad46d57b63fa2ff57d03a902bfde4821ad74b20bfe20d41e389_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:fdb439b295b3903f9f2341929a545366ebb35e38bdb5f609f31678b0edff357e_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:ed2a8efb4fc40d2d6a09ceecaa0f16d6bea139e2d7afae6ba85dbae356daf59b_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:365cd33870134af2c4f2413797cf32d3bc0643e93581e9e7b4eede391d4a20e5_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:630b22b7518a2355492d98f7ac5c05610c981f706f707f1bb82c2ad5c0493640_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:957b420874020d5db2a4d4cdfdab41cda7853695cd29494cba78712d01f43cc5_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:f4fed927355e4b6b53448194e5325b209738fc9ba990d02db4cb75653a878113_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:95f09ae4939c63ce698ac4a8b2b4275ebf2c304f3364bfc365c323aafbdd6206_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b6c20bfad0e77414638d912d7cae7ff54ce0be30030fa9ba6f13448966c56294_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:ead329586aa61f94bf8c8a0efb676e8a695fceef5fcacdc568a4a466b492ec5e_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:f658538471aca8330a9d368f2cd3444416dca9a73e3cfb53b735da6463dcf337_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2c8c4d322736fe778a348e1dcd98f8f580b7f98ea42a651ad8b88c0d63f1b38d_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:523a76e2f894264701c5e4c02c70b187abb5b3f58136b91bcafbbae3b48eca84_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:76e7ce8466895cfc12f4f6a024f54674006eaa92b05534685f04089e13eb1364_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:c01d39107b2d2449f86ce893c97e790ea6acfa37e69f7d3b70a795ceacec12b6_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:0e76f7330665dc4a4ba52cb6be28f29cb24ed926c583540b721a03bedeb06a6d_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:27f63d236f04cc0611fd81168d42e81903eb53671c122dd902b2d3e41f6952bf_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:2f61991fbda425d6357195149a4ea8b939a2e6d11e9f15e104c86745d21bd22d_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:decbecdee5ec0f3a4aaf86a95226d6bf24e2d39cf077048465365e54e613b2d3_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29180"
},
{
"category": "external",
"summary": "RHBZ#2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6",
"url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"
}
],
"release_date": "2024-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-10T19:36:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:141bc9dec57c4c07ba209755e1b43fb99e2afc195f3430842b275b4c4dfcc5f5_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:167a4ec509a83696d014c258d640956c733038ae4a711824e4fdd8b004ba7964_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:53a9bf3139c8915efcf58e72193b652923167d38df5a61d5d5fbafb61b3fab0e_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:db225a8e1d83c11bad04f0aae82cd07013cc8902b5af0394d8be8bca1242ae25_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:6b85a3fc1e590ab008fdb2db4647c3eccf4540eb452c64b4ebd6a61647cbc5b8_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:91476c66096af76505cfc23d46fbcf2478a7417f86d0dedd59e7091088bcf9ef_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:babc6209cd7b170a073cb38d172de4830f8fef038fef17e10044eb41f02cbaa2_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d4584964c9659370dac81298abb68f7b5c1eef49ad1a18c7996cd6cdac16926e_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:b8a1bb95b79659d5ff896734be4f28bc64c2d61560c473a4a0f1c14b1e18efe5_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:ba13922849da5fcd6a790bee2a8a39270b56ef399d2abbb7663eb698b15993c6_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:cf1e480c838479f8137537ab68ae818d219c40e58008a03214b0e5b6a3046730_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:f01f628665e7a1d3ecca7fe2f86a461fe100d8892c1e6ad848cc63c793585d0f_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:416353d665f078404aeb21c19099f342157e01eab321e50ff052565e036f9b0e_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:c3fcaa38e7883f3573628c1d99bd1cdd0fcb19061371009ab118902269bbf7b3_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:fce845415ec7aad46d57b63fa2ff57d03a902bfde4821ad74b20bfe20d41e389_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:fdb439b295b3903f9f2341929a545366ebb35e38bdb5f609f31678b0edff357e_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:ed2a8efb4fc40d2d6a09ceecaa0f16d6bea139e2d7afae6ba85dbae356daf59b_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:365cd33870134af2c4f2413797cf32d3bc0643e93581e9e7b4eede391d4a20e5_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:630b22b7518a2355492d98f7ac5c05610c981f706f707f1bb82c2ad5c0493640_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:957b420874020d5db2a4d4cdfdab41cda7853695cd29494cba78712d01f43cc5_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:f4fed927355e4b6b53448194e5325b209738fc9ba990d02db4cb75653a878113_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:95f09ae4939c63ce698ac4a8b2b4275ebf2c304f3364bfc365c323aafbdd6206_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b6c20bfad0e77414638d912d7cae7ff54ce0be30030fa9ba6f13448966c56294_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:ead329586aa61f94bf8c8a0efb676e8a695fceef5fcacdc568a4a466b492ec5e_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:f658538471aca8330a9d368f2cd3444416dca9a73e3cfb53b735da6463dcf337_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2c8c4d322736fe778a348e1dcd98f8f580b7f98ea42a651ad8b88c0d63f1b38d_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:523a76e2f894264701c5e4c02c70b187abb5b3f58136b91bcafbbae3b48eca84_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:76e7ce8466895cfc12f4f6a024f54674006eaa92b05534685f04089e13eb1364_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:c01d39107b2d2449f86ce893c97e790ea6acfa37e69f7d3b70a795ceacec12b6_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:0e76f7330665dc4a4ba52cb6be28f29cb24ed926c583540b721a03bedeb06a6d_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:27f63d236f04cc0611fd81168d42e81903eb53671c122dd902b2d3e41f6952bf_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:2f61991fbda425d6357195149a4ea8b939a2e6d11e9f15e104c86745d21bd22d_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:decbecdee5ec0f3a4aaf86a95226d6bf24e2d39cf077048465365e54e613b2d3_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2817"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:141bc9dec57c4c07ba209755e1b43fb99e2afc195f3430842b275b4c4dfcc5f5_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:167a4ec509a83696d014c258d640956c733038ae4a711824e4fdd8b004ba7964_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:53a9bf3139c8915efcf58e72193b652923167d38df5a61d5d5fbafb61b3fab0e_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:db225a8e1d83c11bad04f0aae82cd07013cc8902b5af0394d8be8bca1242ae25_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:6b85a3fc1e590ab008fdb2db4647c3eccf4540eb452c64b4ebd6a61647cbc5b8_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:91476c66096af76505cfc23d46fbcf2478a7417f86d0dedd59e7091088bcf9ef_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:babc6209cd7b170a073cb38d172de4830f8fef038fef17e10044eb41f02cbaa2_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d4584964c9659370dac81298abb68f7b5c1eef49ad1a18c7996cd6cdac16926e_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:b8a1bb95b79659d5ff896734be4f28bc64c2d61560c473a4a0f1c14b1e18efe5_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:ba13922849da5fcd6a790bee2a8a39270b56ef399d2abbb7663eb698b15993c6_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:cf1e480c838479f8137537ab68ae818d219c40e58008a03214b0e5b6a3046730_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:f01f628665e7a1d3ecca7fe2f86a461fe100d8892c1e6ad848cc63c793585d0f_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:416353d665f078404aeb21c19099f342157e01eab321e50ff052565e036f9b0e_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:c3fcaa38e7883f3573628c1d99bd1cdd0fcb19061371009ab118902269bbf7b3_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:fce845415ec7aad46d57b63fa2ff57d03a902bfde4821ad74b20bfe20d41e389_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:fdb439b295b3903f9f2341929a545366ebb35e38bdb5f609f31678b0edff357e_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:ed2a8efb4fc40d2d6a09ceecaa0f16d6bea139e2d7afae6ba85dbae356daf59b_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:365cd33870134af2c4f2413797cf32d3bc0643e93581e9e7b4eede391d4a20e5_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:630b22b7518a2355492d98f7ac5c05610c981f706f707f1bb82c2ad5c0493640_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:957b420874020d5db2a4d4cdfdab41cda7853695cd29494cba78712d01f43cc5_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:f4fed927355e4b6b53448194e5325b209738fc9ba990d02db4cb75653a878113_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:95f09ae4939c63ce698ac4a8b2b4275ebf2c304f3364bfc365c323aafbdd6206_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b6c20bfad0e77414638d912d7cae7ff54ce0be30030fa9ba6f13448966c56294_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:ead329586aa61f94bf8c8a0efb676e8a695fceef5fcacdc568a4a466b492ec5e_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:f658538471aca8330a9d368f2cd3444416dca9a73e3cfb53b735da6463dcf337_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2c8c4d322736fe778a348e1dcd98f8f580b7f98ea42a651ad8b88c0d63f1b38d_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:523a76e2f894264701c5e4c02c70b187abb5b3f58136b91bcafbbae3b48eca84_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:76e7ce8466895cfc12f4f6a024f54674006eaa92b05534685f04089e13eb1364_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:c01d39107b2d2449f86ce893c97e790ea6acfa37e69f7d3b70a795ceacec12b6_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:0e76f7330665dc4a4ba52cb6be28f29cb24ed926c583540b721a03bedeb06a6d_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:27f63d236f04cc0611fd81168d42e81903eb53671c122dd902b2d3e41f6952bf_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:2f61991fbda425d6357195149a4ea8b939a2e6d11e9f15e104c86745d21bd22d_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:decbecdee5ec0f3a4aaf86a95226d6bf24e2d39cf077048465365e54e613b2d3_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:141bc9dec57c4c07ba209755e1b43fb99e2afc195f3430842b275b4c4dfcc5f5_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:167a4ec509a83696d014c258d640956c733038ae4a711824e4fdd8b004ba7964_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:53a9bf3139c8915efcf58e72193b652923167d38df5a61d5d5fbafb61b3fab0e_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:db225a8e1d83c11bad04f0aae82cd07013cc8902b5af0394d8be8bca1242ae25_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:6b85a3fc1e590ab008fdb2db4647c3eccf4540eb452c64b4ebd6a61647cbc5b8_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:91476c66096af76505cfc23d46fbcf2478a7417f86d0dedd59e7091088bcf9ef_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:babc6209cd7b170a073cb38d172de4830f8fef038fef17e10044eb41f02cbaa2_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d4584964c9659370dac81298abb68f7b5c1eef49ad1a18c7996cd6cdac16926e_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:b8a1bb95b79659d5ff896734be4f28bc64c2d61560c473a4a0f1c14b1e18efe5_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:ba13922849da5fcd6a790bee2a8a39270b56ef399d2abbb7663eb698b15993c6_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:cf1e480c838479f8137537ab68ae818d219c40e58008a03214b0e5b6a3046730_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:f01f628665e7a1d3ecca7fe2f86a461fe100d8892c1e6ad848cc63c793585d0f_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:416353d665f078404aeb21c19099f342157e01eab321e50ff052565e036f9b0e_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:c3fcaa38e7883f3573628c1d99bd1cdd0fcb19061371009ab118902269bbf7b3_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:fce845415ec7aad46d57b63fa2ff57d03a902bfde4821ad74b20bfe20d41e389_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:fdb439b295b3903f9f2341929a545366ebb35e38bdb5f609f31678b0edff357e_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:ed2a8efb4fc40d2d6a09ceecaa0f16d6bea139e2d7afae6ba85dbae356daf59b_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:365cd33870134af2c4f2413797cf32d3bc0643e93581e9e7b4eede391d4a20e5_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:630b22b7518a2355492d98f7ac5c05610c981f706f707f1bb82c2ad5c0493640_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:957b420874020d5db2a4d4cdfdab41cda7853695cd29494cba78712d01f43cc5_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:f4fed927355e4b6b53448194e5325b209738fc9ba990d02db4cb75653a878113_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:95f09ae4939c63ce698ac4a8b2b4275ebf2c304f3364bfc365c323aafbdd6206_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b6c20bfad0e77414638d912d7cae7ff54ce0be30030fa9ba6f13448966c56294_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:ead329586aa61f94bf8c8a0efb676e8a695fceef5fcacdc568a4a466b492ec5e_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:f658538471aca8330a9d368f2cd3444416dca9a73e3cfb53b735da6463dcf337_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2c8c4d322736fe778a348e1dcd98f8f580b7f98ea42a651ad8b88c0d63f1b38d_arm64",
"8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:523a76e2f894264701c5e4c02c70b187abb5b3f58136b91bcafbbae3b48eca84_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:76e7ce8466895cfc12f4f6a024f54674006eaa92b05534685f04089e13eb1364_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:c01d39107b2d2449f86ce893c97e790ea6acfa37e69f7d3b70a795ceacec12b6_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:0e76f7330665dc4a4ba52cb6be28f29cb24ed926c583540b721a03bedeb06a6d_s390x",
"8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:27f63d236f04cc0611fd81168d42e81903eb53671c122dd902b2d3e41f6952bf_ppc64le",
"8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:2f61991fbda425d6357195149a4ea8b939a2e6d11e9f15e104c86745d21bd22d_amd64",
"8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:decbecdee5ec0f3a4aaf86a95226d6bf24e2d39cf077048465365e54e613b2d3_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webpack-dev-middleware: lack of URL validation may lead to file leak"
}
]
}
RHSA-2024_2941
Vulnerability from csaf_redhat - Published: 2024-05-21 09:58 - Updated: 2024-12-17 22:42Summary
Red Hat Security Advisory: RHACS 4.4 enhancement and security update
Severity
Important
Notes
Topic: Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes changes, bug fixes, and updates to patch vulnerabilities.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: This release of RHACS 4.4.2 provides the following bug fixes:
* Before this update, Collector pods on nodes with 128 or more cores would fail with a `CrashLoopBackOff` status due to issues with how the CO-RE BPF allocated kernel memory. The patch release fixes this issue.
* This release updates the Scanner baseline vulnerability data to address changes made to the Red Hat security data feeds that were not compatible with earlier data from Scanner’s scheduled feed processing. This fixes various issues where vulnerabilities were detected for images containing packages that were incorrectly indicated as affected by a vulnerability.
* This release fixes a crash and rendering error in the network graph that occurs when Central is running an RHACS release of 4.3.6 or earlier and Sensor is running an RHACS release of 4.4.0 or later.
* Previously, RHACS did not update the alerts when violations changed. This release fixes the issue, and RHACS correctly updates the alerts when violations change.
This release provides the following changes:
* The default telemetry endpoint is now set to a Red Hat proxy.
* This release includes a new environment variable, ROX_API_TOKEN_FILE, that you can use to pass your API’s token file path to the `roxctl` CLI.
This releases updates the following items to patch vulnerabilities:
* (CVE-2023-45288) Go has been updated to release 1.21.9.
* (CVE-2023-45288) The `golang.org/x/net` module has been updated from release v0.22.0 to v0.23.0.
* (CVE-2024-29180) webpack-dev-middleware module has been updated form version 5.3.3 to 5.3.4.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.
7.5 (High)
Affected products
Fixed
39 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
5.3 (Medium)
Affected products
Fixed
39 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
5.3 (Medium)
Affected products
Fixed
39 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.
5.9 (Medium)
Affected products
Fixed
39 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.
5.4 (Medium)
Affected products
Fixed
39 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.
7.4 (High)
Affected products
Fixed
39 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
52 references
Acknowledgments
nowotarski.info
Bartek Nowotarski
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes changes, bug fixes, and updates to patch vulnerabilities.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of RHACS 4.4.2 provides the following bug fixes:\n\n* Before this update, Collector pods on nodes with 128 or more cores would fail with a `CrashLoopBackOff` status due to issues with how the CO-RE BPF allocated kernel memory. The patch release fixes this issue.\n* This release updates the Scanner baseline vulnerability data to address changes made to the Red Hat security data feeds that were not compatible with earlier data from Scanner\u2019s scheduled feed processing. This fixes various issues where vulnerabilities were detected for images containing packages that were incorrectly indicated as affected by a vulnerability.\n* This release fixes a crash and rendering error in the network graph that occurs when Central is running an RHACS release of 4.3.6 or earlier and Sensor is running an RHACS release of 4.4.0 or later.\n* Previously, RHACS did not update the alerts when violations changed. This release fixes the issue, and RHACS correctly updates the alerts when violations change.\n\nThis release provides the following changes:\n\n* The default telemetry endpoint is now set to a Red Hat proxy.\n* This release includes a new environment variable, ROX_API_TOKEN_FILE, that you can use to pass your API\u2019s token file path to the `roxctl` CLI.\n\nThis releases updates the following items to patch vulnerabilities:\n\n* (CVE-2023-45288) Go has been updated to release 1.21.9.\n* (CVE-2023-45288) The `golang.org/x/net` module has been updated from release v0.22.0 to v0.23.0.\n* (CVE-2024-29180) webpack-dev-middleware module has been updated form version 5.3.3 to 5.3.4.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2941",
"url": "https://access.redhat.com/errata/RHSA-2024:2941"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.openshift.com/acs/4.4/release_notes/44-release-notes.html",
"url": "https://docs.openshift.com/acs/4.4/release_notes/44-release-notes.html"
},
{
"category": "external",
"summary": "2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "ROX-21948",
"url": "https://issues.redhat.com/browse/ROX-21948"
},
{
"category": "external",
"summary": "ROX-23397",
"url": "https://issues.redhat.com/browse/ROX-23397"
},
{
"category": "external",
"summary": "ROX-23469",
"url": "https://issues.redhat.com/browse/ROX-23469"
},
{
"category": "external",
"summary": "ROX-23540",
"url": "https://issues.redhat.com/browse/ROX-23540"
},
{
"category": "external",
"summary": "ROX-23566",
"url": "https://issues.redhat.com/browse/ROX-23566"
},
{
"category": "external",
"summary": "ROX-23852",
"url": "https://issues.redhat.com/browse/ROX-23852"
},
{
"category": "external",
"summary": "ROX-24189",
"url": "https://issues.redhat.com/browse/ROX-24189"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2941.json"
}
],
"title": "Red Hat Security Advisory: RHACS 4.4 enhancement and security update",
"tracking": {
"current_release_date": "2024-12-17T22:42:26+00:00",
"generator": {
"date": "2024-12-17T22:42:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:2941",
"initial_release_date": "2024-05-21T09:58:45+00:00",
"revision_history": [
{
"date": "2024-05-21T09:58:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-21T09:58:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T22:42:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHACS 4.4 for RHEL 8",
"product": {
"name": "RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.4.2-6"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.4.2-6"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.4.2-6"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.4.2-4"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.4.2-6"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.4.2-6"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.4.2-6"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.4.2-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.4.2-6"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.4.2-6"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.4.2-6"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.4.2-4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Bartek Nowotarski"
],
"organization": "nowotarski.info"
}
],
"cve": "CVE-2023-45288",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268273"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "RHBZ#2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nowotarski.info/http2-continuation-flood/",
"url": "https://nowotarski.info/http2-continuation-flood/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2687",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/421644",
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T09:58:45+00:00",
"details": "If you are using an earlier version of RHACS 4.4, you are advised to upgrade to patch release 4.4.2.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2941"
},
{
"category": "workaround",
"details": "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS"
},
{
"cve": "CVE-2023-45289",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45289"
},
{
"category": "external",
"summary": "RHBZ#2268018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T09:58:45+00:00",
"details": "If you are using an earlier version of RHACS 4.4, you are advised to upgrade to patch release 4.4.2.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2941"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect"
},
{
"cve": "CVE-2023-45290",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268017"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Go\u0027s net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45290"
},
{
"category": "external",
"summary": "RHBZ#2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://go.dev/cl/569341",
"url": "https://go.dev/cl/569341"
},
{
"category": "external",
"summary": "https://go.dev/issue/65383",
"url": "https://go.dev/issue/65383"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2599",
"url": "https://pkg.go.dev/vuln/GO-2024-2599"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0004",
"url": "https://security.netapp.com/advisory/ntap-20240329-0004"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T09:58:45+00:00",
"details": "If you are using an earlier version of RHACS 4.4, you are advised to upgrade to patch release 4.4.2.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2941"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm"
},
{
"cve": "CVE-2024-24783",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268019"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24783"
},
{
"category": "external",
"summary": "RHBZ#2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp",
"url": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp"
},
{
"category": "external",
"summary": "https://go.dev/cl/569339",
"url": "https://go.dev/cl/569339"
},
{
"category": "external",
"summary": "https://go.dev/issue/65390",
"url": "https://go.dev/issue/65390"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2598",
"url": "https://pkg.go.dev/vuln/GO-2024-2598"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0005",
"url": "https://security.netapp.com/advisory/ntap-20240329-0005"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T09:58:45+00:00",
"details": "If you are using an earlier version of RHACS 4.4, you are advised to upgrade to patch release 4.4.2.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2941"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm"
},
{
"cve": "CVE-2024-24784",
"cwe": {
"id": "CWE-115",
"name": "Misinterpretation of Input"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268021"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/mail: comments in display names are incorrectly handled",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24784"
},
{
"category": "external",
"summary": "RHBZ#2268021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268021"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24784"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T09:58:45+00:00",
"details": "If you are using an earlier version of RHACS 4.4, you are advised to upgrade to patch release 4.4.2.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2941"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/mail: comments in display names are incorrectly handled"
},
{
"cve": "CVE-2024-29180",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270863"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webpack-dev-middleware: lack of URL validation may lead to file leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29180"
},
{
"category": "external",
"summary": "RHBZ#2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6",
"url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"
}
],
"release_date": "2024-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T09:58:45+00:00",
"details": "If you are using an earlier version of RHACS 4.4, you are advised to upgrade to patch release 4.4.2.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2941"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webpack-dev-middleware: lack of URL validation may lead to file leak"
}
]
}
RHSA-2024_3316
Vulnerability from csaf_redhat - Published: 2024-05-23 06:39 - Updated: 2024-12-17 22:43Summary
Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update
Severity
Important
Notes
Topic: Migration Toolkit for Applications 7.0.3 release
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: Migration Toolkit for Applications 7.0.3 Images
Security Fix(es) from Bugzilla:
* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)
* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)
* axios: exposure of confidential data stored in cookies (CVE-2023-45857)
* css-tools: Improper Input Validation causes Denial of Service via Regular Expression (CVE-2023-26364)
* go-resty: HTTP request body disclosure in github.com/go-resty/resty/v2 (CVE-2023-45286)
* golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. (CVE-2023-45287)
* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)
* css-tools: regular expression denial of service (ReDoS) when parsing CSS (CVE-2023-48631)
* follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159)
* golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)
* follow-redirects: Possible credential leak (CVE-2024-28849)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An Improper Input Validation flaw was found in follow-redirects due to the improper handling of URLs by the url.parse() function. When a new URL() throws an error, it can be manipulated to misinterpret the hostname. This issue could allow an attacker to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.
6.1 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Adobe CSS Tools. An improper input validation could result in a minor denial of service while parsing a malicious CSS with the parse component. User interaction and privileges are not required to jeopardize an environment.
5.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).
5.3 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same *bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buffer that hasn't had bytes.Buffer.Reset called on it. This dirty buffer will contain the HTTP request body from an unrelated request, and go-resty will append the current HTTP request body to it, sending two bodies in one request. The sync.Pool in question is defined at package level scope, so a completely unrelated server could receive the request body.
4.7 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64 | — |
Vendor Fix
fix
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64 | — | ||
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64 | — | ||
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64 | — | ||
| Unresolved product id: 9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64 | — | ||
| Unresolved product id: 9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64 | — | ||
| Unresolved product id: 9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64 | — | ||
| Unresolved product id: 9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64 | — | ||
| Unresolved product id: 9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64 | — | ||
| Unresolved product id: 9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the Golang crypto/tls standard library. In previous versions, the package was vulnerable to a Timing Side Channel attack by observing the time it took for RSA-based TLS key exchanges, which was not constant. This flaw allows a malicious user to gather information from the environment.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Axios that may expose a confidential session token. This issue can allow a remote attacker to bypass security measures and view sensitive data.
6.5 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A Regular Expression Denial of Service (ReDoS) vulnerability was found in Adobe's css-tools when parsing CSS. This issue occurs due to improper input validation and may allow an attacker to use a carefully crafted input string to cause a denial of service, especially when attempting to parse CSS.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.
5.9 (Medium)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.
6.5 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64 | — |
Vendor Fix
fix
|
Known not affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64 | — | ||
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64 | — | ||
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64 | — | ||
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64 | — | ||
| Unresolved product id: 9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64 | — | ||
| Unresolved product id: 9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64 | — | ||
| Unresolved product id: 9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64 | — | ||
| Unresolved product id: 9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.
7.4 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64 | — |
Workaround
|
Threats
Impact
Important
References
107 references
Acknowledgments
nowotarski.info
Bartek Nowotarski
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Migration Toolkit for Applications 7.0.3 release\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Migration Toolkit for Applications 7.0.3 Images\n\nSecurity Fix(es) from Bugzilla:\n\n* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)\n\n* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)\n\n* axios: exposure of confidential data stored in cookies (CVE-2023-45857)\n\n* css-tools: Improper Input Validation causes Denial of Service via Regular Expression (CVE-2023-26364)\n\n* go-resty: HTTP request body disclosure in github.com/go-resty/resty/v2 (CVE-2023-45286)\n\n* golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. (CVE-2023-45287)\n\n* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)\n\n* css-tools: regular expression denial of service (ReDoS) when parsing CSS (CVE-2023-48631)\n\n* follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159)\n\n* golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)\n\n* follow-redirects: Possible credential leak (CVE-2024-28849)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3316",
"url": "https://access.redhat.com/errata/RHSA-2024:3316"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2248979",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248979"
},
{
"category": "external",
"summary": "2250364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250364"
},
{
"category": "external",
"summary": "2252012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252012"
},
{
"category": "external",
"summary": "2253193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253193"
},
{
"category": "external",
"summary": "2253330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253330"
},
{
"category": "external",
"summary": "2254559",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254559"
},
{
"category": "external",
"summary": "2256413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256413"
},
{
"category": "external",
"summary": "2268046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046"
},
{
"category": "external",
"summary": "2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "2269576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576"
},
{
"category": "external",
"summary": "2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "MTA-1578",
"url": "https://issues.redhat.com/browse/MTA-1578"
},
{
"category": "external",
"summary": "MTA-1959",
"url": "https://issues.redhat.com/browse/MTA-1959"
},
{
"category": "external",
"summary": "MTA-1961",
"url": "https://issues.redhat.com/browse/MTA-1961"
},
{
"category": "external",
"summary": "MTA-1970",
"url": "https://issues.redhat.com/browse/MTA-1970"
},
{
"category": "external",
"summary": "MTA-1997",
"url": "https://issues.redhat.com/browse/MTA-1997"
},
{
"category": "external",
"summary": "MTA-2003",
"url": "https://issues.redhat.com/browse/MTA-2003"
},
{
"category": "external",
"summary": "MTA-2117",
"url": "https://issues.redhat.com/browse/MTA-2117"
},
{
"category": "external",
"summary": "MTA-2186",
"url": "https://issues.redhat.com/browse/MTA-2186"
},
{
"category": "external",
"summary": "MTA-2224",
"url": "https://issues.redhat.com/browse/MTA-2224"
},
{
"category": "external",
"summary": "MTA-2243",
"url": "https://issues.redhat.com/browse/MTA-2243"
},
{
"category": "external",
"summary": "MTA-2287",
"url": "https://issues.redhat.com/browse/MTA-2287"
},
{
"category": "external",
"summary": "MTA-2308",
"url": "https://issues.redhat.com/browse/MTA-2308"
},
{
"category": "external",
"summary": "MTA-2314",
"url": "https://issues.redhat.com/browse/MTA-2314"
},
{
"category": "external",
"summary": "MTA-2341",
"url": "https://issues.redhat.com/browse/MTA-2341"
},
{
"category": "external",
"summary": "MTA-2380",
"url": "https://issues.redhat.com/browse/MTA-2380"
},
{
"category": "external",
"summary": "MTA-2400",
"url": "https://issues.redhat.com/browse/MTA-2400"
},
{
"category": "external",
"summary": "MTA-2409",
"url": "https://issues.redhat.com/browse/MTA-2409"
},
{
"category": "external",
"summary": "MTA-2410",
"url": "https://issues.redhat.com/browse/MTA-2410"
},
{
"category": "external",
"summary": "MTA-2426",
"url": "https://issues.redhat.com/browse/MTA-2426"
},
{
"category": "external",
"summary": "MTA-2427",
"url": "https://issues.redhat.com/browse/MTA-2427"
},
{
"category": "external",
"summary": "MTA-2451",
"url": "https://issues.redhat.com/browse/MTA-2451"
},
{
"category": "external",
"summary": "MTA-2452",
"url": "https://issues.redhat.com/browse/MTA-2452"
},
{
"category": "external",
"summary": "MTA-2495",
"url": "https://issues.redhat.com/browse/MTA-2495"
},
{
"category": "external",
"summary": "MTA-2503",
"url": "https://issues.redhat.com/browse/MTA-2503"
},
{
"category": "external",
"summary": "MTA-2505",
"url": "https://issues.redhat.com/browse/MTA-2505"
},
{
"category": "external",
"summary": "MTA-2512",
"url": "https://issues.redhat.com/browse/MTA-2512"
},
{
"category": "external",
"summary": "MTA-2513",
"url": "https://issues.redhat.com/browse/MTA-2513"
},
{
"category": "external",
"summary": "MTA-2518",
"url": "https://issues.redhat.com/browse/MTA-2518"
},
{
"category": "external",
"summary": "MTA-2550",
"url": "https://issues.redhat.com/browse/MTA-2550"
},
{
"category": "external",
"summary": "MTA-2560",
"url": "https://issues.redhat.com/browse/MTA-2560"
},
{
"category": "external",
"summary": "MTA-2563",
"url": "https://issues.redhat.com/browse/MTA-2563"
},
{
"category": "external",
"summary": "MTA-2616",
"url": "https://issues.redhat.com/browse/MTA-2616"
},
{
"category": "external",
"summary": "MTA-2652",
"url": "https://issues.redhat.com/browse/MTA-2652"
},
{
"category": "external",
"summary": "MTA-2654",
"url": "https://issues.redhat.com/browse/MTA-2654"
},
{
"category": "external",
"summary": "MTA-2661",
"url": "https://issues.redhat.com/browse/MTA-2661"
},
{
"category": "external",
"summary": "MTA-2681",
"url": "https://issues.redhat.com/browse/MTA-2681"
},
{
"category": "external",
"summary": "MTA-2781",
"url": "https://issues.redhat.com/browse/MTA-2781"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3316.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update",
"tracking": {
"current_release_date": "2024-12-17T22:43:26+00:00",
"generator": {
"date": "2024-12-17T22:43:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:3316",
"initial_release_date": "2024-05-23T06:39:32+00:00",
"revision_history": [
{
"date": "2024-05-23T06:39:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-23T06:39:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T22:43:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "MTA 7.0 for RHEL 9",
"product": {
"name": "MTA 7.0 for RHEL 9",
"product_id": "9Base-MTA-7.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:migration_toolkit_applications:7.0::el9"
}
}
},
{
"category": "product_name",
"name": "MTA 7.0 for RHEL 8",
"product": {
"name": "MTA 7.0 for RHEL 8",
"product_id": "8Base-MTA-7.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:migration_toolkit_applications:7.0::el8"
}
}
}
],
"category": "product_family",
"name": "Migration Toolkit for Applications"
},
{
"branches": [
{
"category": "product_version",
"name": "mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"product": {
"name": "mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"product_id": "mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-analyzer-addon-rhel9\u0026tag=7.0.3-13"
}
}
},
{
"category": "product_version",
"name": "mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"product": {
"name": "mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"product_id": "mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-analyzer-lsp-rhel9\u0026tag=7.0.3-13"
}
}
},
{
"category": "product_version",
"name": "mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"product": {
"name": "mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"product_id": "mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-cli-rhel9\u0026tag=7.0.3-16"
}
}
},
{
"category": "product_version",
"name": "mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"product": {
"name": "mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"product_id": "mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-hub-rhel9\u0026tag=7.0.3-10"
}
}
},
{
"category": "product_version",
"name": "mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"product": {
"name": "mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"product_id": "mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-operator-bundle\u0026tag=7.0.3-25"
}
}
},
{
"category": "product_version",
"name": "mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"product": {
"name": "mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"product_id": "mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-rhel8-operator\u0026tag=7.0.3-7"
}
}
},
{
"category": "product_version",
"name": "mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"product": {
"name": "mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"product_id": "mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-ui-rhel9\u0026tag=7.0.3-13"
}
}
},
{
"category": "product_version",
"name": "mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64",
"product": {
"name": "mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64",
"product_id": "mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-windup-shim-rhel9\u0026tag=7.0.3-12"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"product": {
"name": "mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"product_id": "mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc?arch=arm64\u0026repository_url=registry.redhat.io/mta/mta-analyzer-lsp-rhel9\u0026tag=7.0.3-13"
}
}
},
{
"category": "product_version",
"name": "mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"product": {
"name": "mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"product_id": "mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99?arch=arm64\u0026repository_url=registry.redhat.io/mta/mta-cli-rhel9\u0026tag=7.0.3-16"
}
}
},
{
"category": "product_version",
"name": "mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"product": {
"name": "mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"product_id": "mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092?arch=arm64\u0026repository_url=registry.redhat.io/mta/mta-windup-shim-rhel9\u0026tag=7.0.3-12"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64 as a component of MTA 7.0 for RHEL 8",
"product_id": "8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64"
},
"product_reference": "mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"relates_to_product_reference": "8Base-MTA-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64 as a component of MTA 7.0 for RHEL 9",
"product_id": "9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64"
},
"product_reference": "mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"relates_to_product_reference": "9Base-MTA-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64 as a component of MTA 7.0 for RHEL 9",
"product_id": "9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64"
},
"product_reference": "mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"relates_to_product_reference": "9Base-MTA-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64 as a component of MTA 7.0 for RHEL 9",
"product_id": "9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64"
},
"product_reference": "mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"relates_to_product_reference": "9Base-MTA-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64 as a component of MTA 7.0 for RHEL 9",
"product_id": "9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64"
},
"product_reference": "mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"relates_to_product_reference": "9Base-MTA-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64 as a component of MTA 7.0 for RHEL 9",
"product_id": "9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64"
},
"product_reference": "mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"relates_to_product_reference": "9Base-MTA-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64 as a component of MTA 7.0 for RHEL 9",
"product_id": "9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64"
},
"product_reference": "mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"relates_to_product_reference": "9Base-MTA-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64 as a component of MTA 7.0 for RHEL 9",
"product_id": "9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64"
},
"product_reference": "mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"relates_to_product_reference": "9Base-MTA-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64 as a component of MTA 7.0 for RHEL 9",
"product_id": "9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64"
},
"product_reference": "mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"relates_to_product_reference": "9Base-MTA-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64 as a component of MTA 7.0 for RHEL 9",
"product_id": "9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64"
},
"product_reference": "mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"relates_to_product_reference": "9Base-MTA-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64 as a component of MTA 7.0 for RHEL 9",
"product_id": "9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
},
"product_reference": "mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64",
"relates_to_product_reference": "9Base-MTA-7.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-26159",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-01-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2256413"
}
],
"notes": [
{
"category": "description",
"text": "An Improper Input Validation flaw was found in follow-redirects due to the improper handling of URLs by the url.parse() function. When a new URL() throws an error, it can be manipulated to misinterpret the hostname. This issue could allow an attacker to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "follow-redirects is a transitive dependency of Grafana, and does not affect Red Hat Enterprise Linux 8.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64"
],
"known_not_affected": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26159"
},
{
"category": "external",
"summary": "RHBZ#2256413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256413"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26159",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26159"
}
],
"release_date": "2024-01-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T06:39:32+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3316"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()"
},
{
"cve": "CVE-2023-26364",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-11-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2250364"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Adobe CSS Tools. An improper input validation could result in a minor denial of service while parsing a malicious CSS with the parse component. User interaction and privileges are not required to jeopardize an environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "css-tools: Improper Input Validation causes Denial of Service via Regular Expression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64"
],
"known_not_affected": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26364"
},
{
"category": "external",
"summary": "RHBZ#2250364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250364"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26364",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26364"
},
{
"category": "external",
"summary": "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg",
"url": "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg"
}
],
"release_date": "2023-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T06:39:32+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3316"
},
{
"category": "workaround",
"details": "No mitigation is yet available for this vulnerability.",
"product_ids": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "css-tools: Improper Input Validation causes Denial of Service via Regular Expression"
},
{
"cve": "CVE-2023-39326",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-12-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253330"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64"
],
"known_not_affected": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39326"
},
{
"category": "external",
"summary": "RHBZ#2253330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253330"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39326",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39326"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2382",
"url": "https://pkg.go.dev/vuln/GO-2023-2382"
}
],
"release_date": "2023-12-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T06:39:32+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3316"
},
{
"category": "workaround",
"details": "No mitigation is available for this flaw.",
"product_ids": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests"
},
{
"cve": "CVE-2023-45286",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2023-11-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2252012"
}
],
"notes": [
{
"category": "description",
"text": "A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same *bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buffer that hasn\u0027t had bytes.Buffer.Reset called on it. This dirty buffer will contain the HTTP request body from an unrelated request, and go-resty will append the current HTTP request body to it, sending two bodies in one request. The sync.Pool in question is defined at package level scope, so a completely unrelated server could receive the request body.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-resty: HTTP request body disclosure in github.com/go-resty/resty/v2",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64"
],
"known_not_affected": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45286"
},
{
"category": "external",
"summary": "RHBZ#2252012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252012"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45286"
}
],
"release_date": "2023-11-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T06:39:32+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3316"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "go-resty: HTTP request body disclosure in github.com/go-resty/resty/v2"
},
{
"cve": "CVE-2023-45287",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253193"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Golang crypto/tls standard library. In previous versions, the package was vulnerable to a Timing Side Channel attack by observing the time it took for RSA-based TLS key exchanges, which was not constant. This flaw allows a malicious user to gather information from the environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The identified flaw in the Golang crypto/tls library, is assessed as a moderate severity issue rather than important due to several mitigating factors. Although the vulnerability exposes a Timing Side Channel, potentially allowing information retrieval through RSA-based TLS key exchanges, its exploitation demands significant access and expertise. Additionally, while earlier versions implemented RSA blinding to counter timing attacks, the removal of PKCS#1 padding may still leak timing data. However, the practicality of exploiting this flaw is limited, and the transition to a fully constant time RSA implementation in Go 1.20 significantly bolsters security, reducing the risk posed by timing side channels.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64"
],
"known_not_affected": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45287"
},
{
"category": "external",
"summary": "RHBZ#2253193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253193"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45287",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45287"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2375",
"url": "https://pkg.go.dev/vuln/GO-2023-2375"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T06:39:32+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3316"
},
{
"category": "workaround",
"details": "No current mitigation is available for this vulnerability.",
"product_ids": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges."
},
{
"acknowledgments": [
{
"names": [
"Bartek Nowotarski"
],
"organization": "nowotarski.info"
}
],
"cve": "CVE-2023-45288",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268273"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64"
],
"known_not_affected": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "RHBZ#2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nowotarski.info/http2-continuation-flood/",
"url": "https://nowotarski.info/http2-continuation-flood/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2687",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/421644",
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T06:39:32+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3316"
},
{
"category": "workaround",
"details": "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.",
"product_ids": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS"
},
{
"cve": "CVE-2023-45857",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-11-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2248979"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios that may expose a confidential session token. This issue can allow a remote attacker to bypass security measures and view sensitive data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: exposure of confidential data stored in cookies",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected container was deprecated in ACM 2.5 version which is not anymore supported. Following versions of this product are not impacted by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64"
],
"known_not_affected": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45857"
},
{
"category": "external",
"summary": "RHBZ#2248979",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248979"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45857"
}
],
"release_date": "2023-11-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T06:39:32+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3316"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: exposure of confidential data stored in cookies"
},
{
"cve": "CVE-2023-48631",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2023-12-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254559"
}
],
"notes": [
{
"category": "description",
"text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in Adobe\u0027s css-tools when parsing CSS. This issue occurs due to improper input validation and may allow an attacker to use a carefully crafted input string to cause a denial of service, especially when attempting to parse CSS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "css-tools: regular expression denial of service (ReDoS) when parsing CSS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Regular Expression Denial of Service (ReDoS) vulnerability in css-tools, triggered by improper input validation when parsing CSS, is considered of moderate severity. While it can lead to a denial of service by causing the application to become unresponsive, the impact is limited to scenarios where an attacker can provide crafted input. Additionally, the absence of evidence of active exploitation in the wild and contextual factors, such as the software\u0027s usage, contribute to the moderate severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64"
],
"known_not_affected": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-48631"
},
{
"category": "external",
"summary": "RHBZ#2254559",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254559"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-48631",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48631"
},
{
"category": "external",
"summary": "https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2",
"url": "https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2"
}
],
"release_date": "2023-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T06:39:32+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3316"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "css-tools: regular expression denial of service (ReDoS) when parsing CSS"
},
{
"cve": "CVE-2024-24786",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268046"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang\u0027s protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
],
"known_not_affected": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24786"
},
{
"category": "external",
"summary": "RHBZ#2268046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786"
},
{
"category": "external",
"summary": "https://go.dev/cl/569356",
"url": "https://go.dev/cl/569356"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/",
"url": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2611",
"url": "https://pkg.go.dev/vuln/GO-2024-2611"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T06:39:32+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3316"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON"
},
{
"cve": "CVE-2024-28849",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-03-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2269576"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: Possible credential leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64"
],
"known_not_affected": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-28849"
},
{
"category": "external",
"summary": "RHBZ#2269576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp"
}
],
"release_date": "2024-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T06:39:32+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3316"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "follow-redirects: Possible credential leak"
},
{
"cve": "CVE-2024-29180",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270863"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webpack-dev-middleware: lack of URL validation may lead to file leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64"
],
"known_not_affected": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29180"
},
{
"category": "external",
"summary": "RHBZ#2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6",
"url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"
}
],
"release_date": "2024-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T06:39:32+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3316"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-MTA-7.0:mta/mta-rhel8-operator@sha256:1719cafe5b15c44bb1bb207bce1cc2a6ee7c1b097901d8fab61912ce298f40dd_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-addon-rhel9@sha256:0c0381b7e457651468411ac42db0cd87070bc711321b51db4d73da7443d9873b_amd64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:a09bcb0103144127baaea5831a75313a5148c1cacca2ca52fdfd93b09986d1fc_arm64",
"9Base-MTA-7.0:mta/mta-analyzer-lsp-rhel9@sha256:eeb59395e040f7b5367b5c0e4911e5ee23289cf13a42c517dfe30ec385ddeede_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:1f68cef1b46537edbb48d0842761258c8e8f9456cf2e5f93317e17307646c51d_amd64",
"9Base-MTA-7.0:mta/mta-cli-rhel9@sha256:7f9db3bb4df9fa6680c58547974f2c5f1035ba9e65f51acdaea12c082fc78c99_arm64",
"9Base-MTA-7.0:mta/mta-hub-rhel9@sha256:9e8489a7a70be8a4035de9921bd7360dd993dfc364fca97abcd7ef5f637bae07_amd64",
"9Base-MTA-7.0:mta/mta-operator-bundle@sha256:9eeb43af2bcab84f5261d1575f7c897903a7696dba011d256abffa1fe850eba2_amd64",
"9Base-MTA-7.0:mta/mta-ui-rhel9@sha256:d0a02e3d0067cd6811e00a55b644dd9a345261e3f77ed72431a3ce03137d11bf_amd64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:0ee12e416243c3d96ff86d96d203925259f2408633b28db485ff7a0378b7b092_arm64",
"9Base-MTA-7.0:mta/mta-windup-shim-rhel9@sha256:122ddc6b9f403fe1dddcd25ee4376cbfb33264019e3199418d879634500389dc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webpack-dev-middleware: lack of URL validation may lead to file leak"
}
]
}
RHSA-2024_3868
Vulnerability from csaf_redhat - Published: 2024-06-17 00:43 - Updated: 2024-12-18 04:35Summary
Red Hat Security Advisory: Network Observability 1.6.0 for OpenShift
Severity
Important
Notes
Topic: Network Observability 1.6 for Red Hat OpenShift
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Network Observability 1.6.0
Security Fix(es):
* CVE-2024-29180 webpack-dev-middleware: lack of URL validation may lead to file leak
* CVE-2024-24786 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
* CVE-2023-42282 nodejs-ip: arbitrary code execution via the isPublic() function
* CVE-2023-39326 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests
* CVE-2024-28849 follow-redirects: Possible credential leak
* CVE-2024-24783 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm
* CVE-2023-45289 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect
* CVE-2023-45290 golang: net/http: memory exhaustion in Request.ParseMultipartForm
* CVE-2024-24785 golang: html/template: errors returned from MarshalJSON methods may break template escaping
* CVE-2024-29041 express: cause malformed URLs to be evaluated [noo-1]
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).
5.3 (Medium)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic() function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to normally inaccessible resources.
9.8 (Critical)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
5.3 (Medium)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
5.3 (Medium)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.
5.9 (Medium)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.
6.5 (Medium)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.
5.9 (Medium)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.
6.5 (Medium)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.
6.1 (Medium)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.
7.4 (High)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
93 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Network Observability 1.6 for Red Hat OpenShift\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Network Observability 1.6.0\n\nSecurity Fix(es):\n\n* CVE-2024-29180 webpack-dev-middleware: lack of URL validation may lead to file leak\n* CVE-2024-24786 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON\n* CVE-2023-42282 nodejs-ip: arbitrary code execution via the isPublic() function\n* CVE-2023-39326 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests\n* CVE-2024-28849 follow-redirects: Possible credential leak\n* CVE-2024-24783 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm\n* CVE-2023-45289 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect\n* CVE-2023-45290 golang: net/http: memory exhaustion in Request.ParseMultipartForm\n* CVE-2024-24785 golang: html/template: errors returned from MarshalJSON methods may break template escaping\n* CVE-2024-29041 express: cause malformed URLs to be evaluated [noo-1]\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s)\nlisted in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3868",
"url": "https://access.redhat.com/errata/RHSA-2024:3868"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2253330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253330"
},
{
"category": "external",
"summary": "2265161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161"
},
{
"category": "external",
"summary": "2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "2268018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018"
},
{
"category": "external",
"summary": "2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "2268022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022"
},
{
"category": "external",
"summary": "2268046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046"
},
{
"category": "external",
"summary": "2269576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576"
},
{
"category": "external",
"summary": "2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "2290901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901"
},
{
"category": "external",
"summary": "NETOBSERV-1279",
"url": "https://issues.redhat.com/browse/NETOBSERV-1279"
},
{
"category": "external",
"summary": "NETOBSERV-1408",
"url": "https://issues.redhat.com/browse/NETOBSERV-1408"
},
{
"category": "external",
"summary": "NETOBSERV-1424",
"url": "https://issues.redhat.com/browse/NETOBSERV-1424"
},
{
"category": "external",
"summary": "NETOBSERV-1453",
"url": "https://issues.redhat.com/browse/NETOBSERV-1453"
},
{
"category": "external",
"summary": "NETOBSERV-1459",
"url": "https://issues.redhat.com/browse/NETOBSERV-1459"
},
{
"category": "external",
"summary": "NETOBSERV-1462",
"url": "https://issues.redhat.com/browse/NETOBSERV-1462"
},
{
"category": "external",
"summary": "NETOBSERV-1544",
"url": "https://issues.redhat.com/browse/NETOBSERV-1544"
},
{
"category": "external",
"summary": "NETOBSERV-1598",
"url": "https://issues.redhat.com/browse/NETOBSERV-1598"
},
{
"category": "external",
"summary": "NETOBSERV-1606",
"url": "https://issues.redhat.com/browse/NETOBSERV-1606"
},
{
"category": "external",
"summary": "NETOBSERV-1607",
"url": "https://issues.redhat.com/browse/NETOBSERV-1607"
},
{
"category": "external",
"summary": "NETOBSERV-1621",
"url": "https://issues.redhat.com/browse/NETOBSERV-1621"
},
{
"category": "external",
"summary": "NETOBSERV-1630",
"url": "https://issues.redhat.com/browse/NETOBSERV-1630"
},
{
"category": "external",
"summary": "NETOBSERV-1647",
"url": "https://issues.redhat.com/browse/NETOBSERV-1647"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3868.json"
}
],
"title": "Red Hat Security Advisory: Network Observability 1.6.0 for OpenShift",
"tracking": {
"current_release_date": "2024-12-18T04:35:48+00:00",
"generator": {
"date": "2024-12-18T04:35:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:3868",
"initial_release_date": "2024-06-17T00:43:37+00:00",
"revision_history": [
{
"date": "2024-06-17T00:43:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-06-17T00:43:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T04:35:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "NETOBSERV 1.6 for RHEL 9",
"product": {
"name": "NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_observ_optr:1.6.0::el9"
}
}
}
],
"category": "product_family",
"name": "Network Observability"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"product": {
"name": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"product_id": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"product_id": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.6.0-78"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.6.0-66"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"product": {
"name": "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"product_id": "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"product_id": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.6.0-78"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.6.0-66"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"product": {
"name": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"product_id": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"product_id": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.6.0-78"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.6.0-66"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"product": {
"name": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"product_id": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"product_id": "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.6.0-78"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.6.0-66"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64"
},
"product_reference": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64"
},
"product_reference": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le"
},
"product_reference": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x"
},
"product_reference": "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39326",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-12-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253330"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39326"
},
{
"category": "external",
"summary": "RHBZ#2253330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253330"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39326",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39326"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2382",
"url": "https://pkg.go.dev/vuln/GO-2023-2382"
}
],
"release_date": "2023-12-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-17T00:43:37+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3868"
},
{
"category": "workaround",
"details": "No mitigation is available for this flaw.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests"
},
{
"cve": "CVE-2023-42282",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2265161"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic() function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to normally inaccessible resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-ip: arbitrary code execution via the isPublic() function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "It appears that npm does not utilize the bundled code therefore Red Hat Enterprise Linux is not affected by this vulnerability.\n\nWhile the vulnerability in the NPM IP Package presents a significant security concern, it\u0027s categorized as important rather than critical due to several factors. Firstly, the misclassification of the private IP address 0x7f.1 as public by the isPublic() function does not directly lead to remote code execution or unauthorized access to critical systems. Instead, it facilitates SSRF attacks, which typically require additional conditions to fully exploit, such as the ability to influence server-side requests and responses. Additionally, the impact of SSRF attacks can vary depending on the specific environment and configuration of the affected system. While SSRF attacks can potentially lead to data exposure, service disruption, or lateral movement within a network, their severity is often mitigated by factors such as network segmentation, access controls, and the availability of sensitive resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42282"
},
{
"category": "external",
"summary": "RHBZ#2265161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282"
},
{
"category": "external",
"summary": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html",
"url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-17T00:43:37+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3868"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs-ip: arbitrary code execution via the isPublic() function"
},
{
"cve": "CVE-2023-45289",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45289"
},
{
"category": "external",
"summary": "RHBZ#2268018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-17T00:43:37+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3868"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect"
},
{
"cve": "CVE-2023-45290",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268017"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Go\u0027s net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45290"
},
{
"category": "external",
"summary": "RHBZ#2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://go.dev/cl/569341",
"url": "https://go.dev/cl/569341"
},
{
"category": "external",
"summary": "https://go.dev/issue/65383",
"url": "https://go.dev/issue/65383"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2599",
"url": "https://pkg.go.dev/vuln/GO-2024-2599"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0004",
"url": "https://security.netapp.com/advisory/ntap-20240329-0004"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-17T00:43:37+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3868"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm"
},
{
"cve": "CVE-2024-24783",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268019"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24783"
},
{
"category": "external",
"summary": "RHBZ#2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp",
"url": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp"
},
{
"category": "external",
"summary": "https://go.dev/cl/569339",
"url": "https://go.dev/cl/569339"
},
{
"category": "external",
"summary": "https://go.dev/issue/65390",
"url": "https://go.dev/issue/65390"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2598",
"url": "https://pkg.go.dev/vuln/GO-2024-2598"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0005",
"url": "https://security.netapp.com/advisory/ntap-20240329-0005"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-17T00:43:37+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3868"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm"
},
{
"cve": "CVE-2024-24785",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: errors returned from MarshalJSON methods may break template escaping",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24785"
},
{
"category": "external",
"summary": "RHBZ#2268022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785"
},
{
"category": "external",
"summary": "https://go.dev/cl/564196",
"url": "https://go.dev/cl/564196"
},
{
"category": "external",
"summary": "https://go.dev/issue/65697",
"url": "https://go.dev/issue/65697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2024-2610.json",
"url": "https://vuln.go.dev/ID/GO-2024-2610.json"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-17T00:43:37+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3868"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping"
},
{
"cve": "CVE-2024-24786",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268046"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang\u0027s protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24786"
},
{
"category": "external",
"summary": "RHBZ#2268046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786"
},
{
"category": "external",
"summary": "https://go.dev/cl/569356",
"url": "https://go.dev/cl/569356"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/",
"url": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2611",
"url": "https://pkg.go.dev/vuln/GO-2024-2611"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-17T00:43:37+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3868"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON"
},
{
"cve": "CVE-2024-28849",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-03-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2269576"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: Possible credential leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-28849"
},
{
"category": "external",
"summary": "RHBZ#2269576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp"
}
],
"release_date": "2024-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-17T00:43:37+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3868"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "follow-redirects: Possible credential leak"
},
{
"cve": "CVE-2024-29041",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2024-06-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2290901"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: cause malformed URLs to be evaluated",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29041"
},
{
"category": "external",
"summary": "RHBZ#2290901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041"
},
{
"category": "external",
"summary": "https://expressjs.com/en/4x/api.html#res.location",
"url": "https://expressjs.com/en/4x/api.html#res.location"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd",
"url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94",
"url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/pull/5539",
"url": "https://github.com/expressjs/express/pull/5539"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc",
"url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc"
},
{
"category": "external",
"summary": "https://github.com/koajs/koa/issues/1800",
"url": "https://github.com/koajs/koa/issues/1800"
}
],
"release_date": "2024-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-17T00:43:37+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3868"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "express: cause malformed URLs to be evaluated"
},
{
"cve": "CVE-2024-29180",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270863"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webpack-dev-middleware: lack of URL validation may lead to file leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29180"
},
{
"category": "external",
"summary": "RHBZ#2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6",
"url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"
}
],
"release_date": "2024-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-17T00:43:37+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3868"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webpack-dev-middleware: lack of URL validation may lead to file leak"
}
]
}
RHSA-2024_3920
Vulnerability from csaf_redhat - Published: 2024-06-13 11:02 - Updated: 2024-12-17 22:44Summary
Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update
Severity
Important
Notes
Topic: Migration Toolkit for Runtimes 1.2.6 release
Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Migration Toolkit for Runtimes 1.2.6 ZIP artifacts
Security Fix(es):
* axios: exposure of confidential data stored in cookies (CVE-2023-45857)
* follow-redirects: Possible credential leak (CVE-2024-28849)
* commons-configuration2: various flaws (CVE-2024-29131)
* commons-configuration2: various flaws (CVE-2024-29133)
* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Axios that may expose a confidential session token. This issue can allow a remote attacker to bypass security measures and view sensitive data.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Migration Toolkit for Runtimes 1 on RHEL 8
Red Hat / Migration Toolkit for Runtimes
|
cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Migration Toolkit for Runtimes 1 on RHEL 8
Red Hat / Migration Toolkit for Runtimes
|
cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error can occur when adding a property in AbstractListDelimiterHandler.flattenIterator(). This issue could allow an attacker to corrupt memory or execute a denial of service attack by crafting malicious property that triggers an out-of-bounds write issue when processed by the vulnerable method.
4.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Migration Toolkit for Runtimes 1 on RHEL 8
Red Hat / Migration Toolkit for Runtimes
|
cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error occurs when calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree. This issue could allow an attacker to trigger an out-of-bounds write that could lead to memory corruption or cause a denial of service condition.
4.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Migration Toolkit for Runtimes 1 on RHEL 8
Red Hat / Migration Toolkit for Runtimes
|
cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Migration Toolkit for Runtimes 1 on RHEL 8
Red Hat / Migration Toolkit for Runtimes
|
cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
32 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Migration Toolkit for Runtimes 1.2.6 release\nRed Hat Product Security has rated this update as having a security impact of Important.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Migration Toolkit for Runtimes 1.2.6 ZIP artifacts\n\nSecurity Fix(es):\n\n* axios: exposure of confidential data stored in cookies (CVE-2023-45857)\n* follow-redirects: Possible credential leak (CVE-2024-28849)\n* commons-configuration2: various flaws (CVE-2024-29131)\n* commons-configuration2: various flaws (CVE-2024-29133)\n* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3920",
"url": "https://access.redhat.com/errata/RHSA-2024:3920"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes\u0026downloadType=distributions",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes\u0026downloadType=distributions"
},
{
"category": "external",
"summary": "WINDUPRULE-1049",
"url": "https://issues.redhat.com/browse/WINDUPRULE-1049"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3920.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update",
"tracking": {
"current_release_date": "2024-12-17T22:44:47+00:00",
"generator": {
"date": "2024-12-17T22:44:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:3920",
"initial_release_date": "2024-06-13T11:02:36+00:00",
"revision_history": [
{
"date": "2024-06-13T11:02:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-06-13T11:02:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T22:44:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Migration Toolkit for Runtimes 1 on RHEL 8",
"product": {
"name": "Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "Migration Toolkit for Runtimes 1 on RHEL 8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
}
}
}
],
"category": "product_family",
"name": "Migration Toolkit for Runtimes"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45857",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-11-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2248979"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios that may expose a confidential session token. This issue can allow a remote attacker to bypass security measures and view sensitive data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: exposure of confidential data stored in cookies",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected container was deprecated in ACM 2.5 version which is not anymore supported. Following versions of this product are not impacted by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45857"
},
{
"category": "external",
"summary": "RHBZ#2248979",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248979"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45857"
}
],
"release_date": "2023-11-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-13T11:02:36+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3920"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: exposure of confidential data stored in cookies"
},
{
"cve": "CVE-2024-28849",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-03-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2269576"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: Possible credential leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-28849"
},
{
"category": "external",
"summary": "RHBZ#2269576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp"
}
],
"release_date": "2024-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-13T11:02:36+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3920"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "follow-redirects: Possible credential leak"
},
{
"cve": "CVE-2024-29131",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270674"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error can occur when adding a property in AbstractListDelimiterHandler.flattenIterator(). This issue could allow an attacker to corrupt memory or execute a denial of service attack by crafting malicious property that triggers an out-of-bounds write issue when processed by the vulnerable method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29131"
},
{
"category": "external",
"summary": "RHBZ#2270674",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270674"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29131"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554",
"url": "https://github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-configuration/commit/7d7d399d0598cb0ca5f81891de34694178156dab",
"url": "https://github.com/apache/commons-configuration/commit/7d7d399d0598cb0ca5f81891de34694178156dab"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/CONFIGURATION-840",
"url": "https://issues.apache.org/jira/browse/CONFIGURATION-840"
}
],
"release_date": "2024-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-13T11:02:36+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3920"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()"
},
{
"cve": "CVE-2024-29133",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270673"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error occurs when calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree. This issue could allow an attacker to trigger an out-of-bounds write that could lead to memory corruption or cause a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29133"
},
{
"category": "external",
"summary": "RHBZ#2270673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270673"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-configuration/commit/43f4dab021e9acb8db390db2ae80aa0cee4f9ee4",
"url": "https://github.com/apache/commons-configuration/commit/43f4dab021e9acb8db390db2ae80aa0cee4f9ee4"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/CONFIGURATION-841",
"url": "https://issues.apache.org/jira/browse/CONFIGURATION-841"
}
],
"release_date": "2024-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-13T11:02:36+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3920"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree"
},
{
"cve": "CVE-2024-29180",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270863"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webpack-dev-middleware: lack of URL validation may lead to file leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29180"
},
{
"category": "external",
"summary": "RHBZ#2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6",
"url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"
}
],
"release_date": "2024-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-13T11:02:36+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3920"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webpack-dev-middleware: lack of URL validation may lead to file leak"
}
]
}
RHSA-2024_3989
Vulnerability from csaf_redhat - Published: 2024-06-20 00:34 - Updated: 2024-12-17 22:45Summary
Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update
Severity
Important
Notes
Topic: Migration Toolkit for Applications 6.2.3 release
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: Migration Toolkit for Applications 6.2.3 Images
Security Fix(es) from Bugzilla:
* keycloak: path transversal in redirection validation (CVE-2024-1132)
* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)
* axios: exposure of confidential data stored in cookies (CVE-2023-45857)
* css-tools: Improper Input Validation causes Denial of Service via Regular Expression (CVE-2023-26364)
* css-tools: regular expression denial of service (ReDoS) when parsing CSS (CVE-2023-48631)
* follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159)
* io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx (CVE-2024-1023)
* io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support (CVE-2024-1300)
* commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file (CVE-2024-25710)
* commons-compress: OutOfMemoryError unpacking broken Pack200 file (CVE-2024-26308)
* follow-redirects: Possible credential leak (CVE-2024-28849)
* jetty: Improper addition of quotation marks to user inputs in CgiServlet (CVE-2023-36479)
* commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree (CVE-2024-29133)
* commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() (CVE-2024-29131)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An Improper Input Validation flaw was found in follow-redirects due to the improper handling of URLs by the url.parse() function. When a new URL() throws an error, it can be manipulated to misinterpret the hostname. This issue could allow an attacker to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.
6.1 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Adobe CSS Tools. An improper input validation could result in a minor denial of service while parsing a malicious CSS with the parse component. User interaction and privileges are not required to jeopardize an environment.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Jetty's CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested.
CWE-149 - Improper Neutralization of Quoting SyntaxAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64 | — |
Vendor Fix
fix
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64 | — | ||
| Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64 | — | ||
| Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64 | — | ||
| Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64 | — | ||
| Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64 | — |
Threats
Impact
Low
A flaw was found in Axios that may expose a confidential session token. This issue can allow a remote attacker to bypass security measures and view sensitive data.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A Regular Expression Denial of Service (ReDoS) vulnerability was found in Adobe's css-tools when parsing CSS. This issue occurs due to improper input validation and may allow an attacker to use a carefully crafted input string to cause a denial of service, especially when attempting to parse CSS.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64 | — |
Workaround
|
Threats
Impact
Important
A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.
5.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A loop with an unreachable exit condition (Infinite Loop) vulnerability was found in Apache Common Compress. This issue can lead to a denial of service.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64 | — |
Workaround
|
Threats
Impact
Moderate
An allocation of resources without limits or throttling vulnerability was found in Apache Commons Compress. This issue can lead to an out-of-memory error.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.
6.5 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64 | — |
Vendor Fix
fix
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64 | — | ||
| Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64 | — | ||
| Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64 | — | ||
| Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64 | — |
Threats
Impact
Moderate
A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error can occur when adding a property in AbstractListDelimiterHandler.flattenIterator(). This issue could allow an attacker to corrupt memory or execute a denial of service attack by crafting malicious property that triggers an out-of-bounds write issue when processed by the vulnerable method.
4.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64 | — |
Workaround
|
Threats
Impact
Low
A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error occurs when calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree. This issue could allow an attacker to trigger an out-of-bounds write that could lead to memory corruption or cause a denial of service condition.
4.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64 | — |
Workaround
|
Threats
Impact
Low
A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.
7.4 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64 | — |
Workaround
|
Threats
Impact
Important
References
90 references
Acknowledgments
Axel Flamcourt
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Migration Toolkit for Applications 6.2.3 release\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Migration Toolkit for Applications 6.2.3 Images\n\nSecurity Fix(es) from Bugzilla:\n\n* keycloak: path transversal in redirection validation (CVE-2024-1132)\n\n* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)\n\n* axios: exposure of confidential data stored in cookies (CVE-2023-45857)\n\n* css-tools: Improper Input Validation causes Denial of Service via Regular Expression (CVE-2023-26364)\n\n* css-tools: regular expression denial of service (ReDoS) when parsing CSS (CVE-2023-48631)\n\n* follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159)\n\n* io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx (CVE-2024-1023)\n\n* io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support (CVE-2024-1300)\n\n* commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file (CVE-2024-25710)\n\n* commons-compress: OutOfMemoryError unpacking broken Pack200 file (CVE-2024-26308)\n\n* follow-redirects: Possible credential leak (CVE-2024-28849)\n\n* jetty: Improper addition of quotation marks to user inputs in CgiServlet (CVE-2023-36479)\n\n* commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree (CVE-2024-29133)\n\n* commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() (CVE-2024-29131)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3989",
"url": "https://access.redhat.com/errata/RHSA-2024:3989"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2239630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239630"
},
{
"category": "external",
"summary": "2248979",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248979"
},
{
"category": "external",
"summary": "2250364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250364"
},
{
"category": "external",
"summary": "2254559",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254559"
},
{
"category": "external",
"summary": "2256413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256413"
},
{
"category": "external",
"summary": "2260840",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260840"
},
{
"category": "external",
"summary": "2262117",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117"
},
{
"category": "external",
"summary": "2263139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"
},
{
"category": "external",
"summary": "2264988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264988"
},
{
"category": "external",
"summary": "2264989",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264989"
},
{
"category": "external",
"summary": "2269576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576"
},
{
"category": "external",
"summary": "2270673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270673"
},
{
"category": "external",
"summary": "2270674",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270674"
},
{
"category": "external",
"summary": "2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3989.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update",
"tracking": {
"current_release_date": "2024-12-17T22:45:59+00:00",
"generator": {
"date": "2024-12-17T22:45:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:3989",
"initial_release_date": "2024-06-20T00:34:55+00:00",
"revision_history": [
{
"date": "2024-06-20T00:34:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-06-20T00:34:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T22:45:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "MTA 6.2 for RHEL 8",
"product": {
"name": "MTA 6.2 for RHEL 8",
"product_id": "9Base-MTA-6.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:migration_toolkit_applications:6.2::el9"
}
}
},
{
"category": "product_name",
"name": "MTA 6.2 for RHEL 8",
"product": {
"name": "MTA 6.2 for RHEL 8",
"product_id": "8Base-MTA-6.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:migration_toolkit_applications:6.2::el8"
}
}
}
],
"category": "product_family",
"name": "Migration Toolkit for Applications"
},
{
"branches": [
{
"category": "product_version",
"name": "mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"product": {
"name": "mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"product_id": "mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-hub-rhel9\u0026tag=6.2.3-1"
}
}
},
{
"category": "product_version",
"name": "mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"product": {
"name": "mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"product_id": "mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-operator-bundle\u0026tag=6.2.3-4"
}
}
},
{
"category": "product_version",
"name": "mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"product": {
"name": "mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"product_id": "mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-rhel8-operator\u0026tag=6.2.3-1"
}
}
},
{
"category": "product_version",
"name": "mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"product": {
"name": "mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"product_id": "mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-pathfinder-rhel9\u0026tag=6.2.3-1"
}
}
},
{
"category": "product_version",
"name": "mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"product": {
"name": "mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"product_id": "mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-ui-rhel9\u0026tag=6.2.3-2"
}
}
},
{
"category": "product_version",
"name": "mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64",
"product": {
"name": "mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64",
"product_id": "mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-windup-addon-rhel9\u0026tag=6.2.3-2"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64 as a component of MTA 6.2 for RHEL 8",
"product_id": "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64"
},
"product_reference": "mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"relates_to_product_reference": "8Base-MTA-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64 as a component of MTA 6.2 for RHEL 8",
"product_id": "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64"
},
"product_reference": "mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"relates_to_product_reference": "9Base-MTA-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64 as a component of MTA 6.2 for RHEL 8",
"product_id": "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64"
},
"product_reference": "mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"relates_to_product_reference": "9Base-MTA-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64 as a component of MTA 6.2 for RHEL 8",
"product_id": "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64"
},
"product_reference": "mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"relates_to_product_reference": "9Base-MTA-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64 as a component of MTA 6.2 for RHEL 8",
"product_id": "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
},
"product_reference": "mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"relates_to_product_reference": "9Base-MTA-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64 as a component of MTA 6.2 for RHEL 8",
"product_id": "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
},
"product_reference": "mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64",
"relates_to_product_reference": "9Base-MTA-6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-26159",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-01-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2256413"
}
],
"notes": [
{
"category": "description",
"text": "An Improper Input Validation flaw was found in follow-redirects due to the improper handling of URLs by the url.parse() function. When a new URL() throws an error, it can be manipulated to misinterpret the hostname. This issue could allow an attacker to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "follow-redirects is a transitive dependency of Grafana, and does not affect Red Hat Enterprise Linux 8.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
],
"known_not_affected": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26159"
},
{
"category": "external",
"summary": "RHBZ#2256413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256413"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26159",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26159"
}
],
"release_date": "2024-01-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-20T00:34:55+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3989"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()"
},
{
"cve": "CVE-2023-26364",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-11-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2250364"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Adobe CSS Tools. An improper input validation could result in a minor denial of service while parsing a malicious CSS with the parse component. User interaction and privileges are not required to jeopardize an environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "css-tools: Improper Input Validation causes Denial of Service via Regular Expression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"known_not_affected": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26364"
},
{
"category": "external",
"summary": "RHBZ#2250364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250364"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26364",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26364"
},
{
"category": "external",
"summary": "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg",
"url": "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg"
}
],
"release_date": "2023-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-20T00:34:55+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3989"
},
{
"category": "workaround",
"details": "No mitigation is yet available for this vulnerability.",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "css-tools: Improper Input Validation causes Denial of Service via Regular Expression"
},
{
"cve": "CVE-2023-36479",
"cwe": {
"id": "CWE-149",
"name": "Improper Neutralization of Quoting Syntax"
},
"discovery_date": "2023-09-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2239630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty\u0027s CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: Improper addition of quotation marks to user inputs in CgiServlet",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"known_not_affected": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-36479"
},
{
"category": "external",
"summary": "RHBZ#2239630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-36479",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36479"
}
],
"release_date": "2023-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-20T00:34:55+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3989"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jetty: Improper addition of quotation marks to user inputs in CgiServlet"
},
{
"cve": "CVE-2023-45857",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-11-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2248979"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios that may expose a confidential session token. This issue can allow a remote attacker to bypass security measures and view sensitive data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: exposure of confidential data stored in cookies",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected container was deprecated in ACM 2.5 version which is not anymore supported. Following versions of this product are not impacted by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"known_not_affected": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45857"
},
{
"category": "external",
"summary": "RHBZ#2248979",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248979"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45857"
}
],
"release_date": "2023-11-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-20T00:34:55+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3989"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: exposure of confidential data stored in cookies"
},
{
"cve": "CVE-2023-48631",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2023-12-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254559"
}
],
"notes": [
{
"category": "description",
"text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in Adobe\u0027s css-tools when parsing CSS. This issue occurs due to improper input validation and may allow an attacker to use a carefully crafted input string to cause a denial of service, especially when attempting to parse CSS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "css-tools: regular expression denial of service (ReDoS) when parsing CSS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Regular Expression Denial of Service (ReDoS) vulnerability in css-tools, triggered by improper input validation when parsing CSS, is considered of moderate severity. While it can lead to a denial of service by causing the application to become unresponsive, the impact is limited to scenarios where an attacker can provide crafted input. Additionally, the absence of evidence of active exploitation in the wild and contextual factors, such as the software\u0027s usage, contribute to the moderate severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"known_not_affected": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-48631"
},
{
"category": "external",
"summary": "RHBZ#2254559",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254559"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-48631",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48631"
},
{
"category": "external",
"summary": "https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2",
"url": "https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2"
}
],
"release_date": "2023-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-20T00:34:55+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3989"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "css-tools: regular expression denial of service (ReDoS) when parsing CSS"
},
{
"cve": "CVE-2024-1023",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2024-01-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2260840"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"known_not_affected": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1023"
},
{
"category": "external",
"summary": "RHBZ#2260840",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260840"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1023",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1023"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/issues/5078",
"url": "https://github.com/eclipse-vertx/vert.x/issues/5078"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/pull/5080",
"url": "https://github.com/eclipse-vertx/vert.x/pull/5080"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/pull/5082",
"url": "https://github.com/eclipse-vertx/vert.x/pull/5082"
}
],
"release_date": "2024-01-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-20T00:34:55+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3989"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx"
},
{
"acknowledgments": [
{
"names": [
"Axel Flamcourt"
]
}
],
"cve": "CVE-2024-1132",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-01-31T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2262117"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: path transversal in redirection validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution, but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason, Quarkus is marked as having a Low impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"known_not_affected": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1132"
},
{
"category": "external",
"summary": "RHBZ#2262117",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1132",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1132"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132"
}
],
"release_date": "2024-04-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-20T00:34:55+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3989"
},
{
"category": "workaround",
"details": "No current mitigation is available for this vulnerability.",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: path transversal in redirection validation"
},
{
"cve": "CVE-2024-1300",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2024-02-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2263139"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This affects only TLS servers with SNI enabled.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"known_not_affected": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1300"
},
{
"category": "external",
"summary": "RHBZ#2263139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1300",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1300"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1300",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1300"
},
{
"category": "external",
"summary": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.",
"url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni."
}
],
"release_date": "2024-02-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-20T00:34:55+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3989"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support"
},
{
"cve": "CVE-2024-25710",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264988"
}
],
"notes": [
{
"category": "description",
"text": "A loop with an unreachable exit condition (Infinite Loop) vulnerability was found in Apache Common Compress. This issue can lead to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"known_not_affected": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-25710"
},
{
"category": "external",
"summary": "RHBZ#2264988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264988"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/02/19/1",
"url": "http://www.openwall.com/lists/oss-security/2024/02/19/1"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf",
"url": "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf"
}
],
"release_date": "2024-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-20T00:34:55+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3989"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability.",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file"
},
{
"cve": "CVE-2024-26308",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264989"
}
],
"notes": [
{
"category": "description",
"text": "An allocation of resources without limits or throttling vulnerability was found in Apache Commons Compress. This issue can lead to an out-of-memory error.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-compress: OutOfMemoryError unpacking broken Pack200 file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"known_not_affected": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-26308"
},
{
"category": "external",
"summary": "RHBZ#2264989",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264989"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg",
"url": "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/02/19/2",
"url": "https://www.openwall.com/lists/oss-security/2024/02/19/2"
}
],
"release_date": "2024-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-20T00:34:55+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3989"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability.",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "commons-compress: OutOfMemoryError unpacking broken Pack200 file"
},
{
"cve": "CVE-2024-28849",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-03-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2269576"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: Possible credential leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"known_not_affected": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-28849"
},
{
"category": "external",
"summary": "RHBZ#2269576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp"
}
],
"release_date": "2024-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-20T00:34:55+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3989"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "follow-redirects: Possible credential leak"
},
{
"cve": "CVE-2024-29131",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270674"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error can occur when adding a property in AbstractListDelimiterHandler.flattenIterator(). This issue could allow an attacker to corrupt memory or execute a denial of service attack by crafting malicious property that triggers an out-of-bounds write issue when processed by the vulnerable method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"known_not_affected": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29131"
},
{
"category": "external",
"summary": "RHBZ#2270674",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270674"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29131"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554",
"url": "https://github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-configuration/commit/7d7d399d0598cb0ca5f81891de34694178156dab",
"url": "https://github.com/apache/commons-configuration/commit/7d7d399d0598cb0ca5f81891de34694178156dab"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/CONFIGURATION-840",
"url": "https://issues.apache.org/jira/browse/CONFIGURATION-840"
}
],
"release_date": "2024-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-20T00:34:55+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3989"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()"
},
{
"cve": "CVE-2024-29133",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270673"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error occurs when calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree. This issue could allow an attacker to trigger an out-of-bounds write that could lead to memory corruption or cause a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"known_not_affected": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29133"
},
{
"category": "external",
"summary": "RHBZ#2270673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270673"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-configuration/commit/43f4dab021e9acb8db390db2ae80aa0cee4f9ee4",
"url": "https://github.com/apache/commons-configuration/commit/43f4dab021e9acb8db390db2ae80aa0cee4f9ee4"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/CONFIGURATION-841",
"url": "https://issues.apache.org/jira/browse/CONFIGURATION-841"
}
],
"release_date": "2024-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-20T00:34:55+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3989"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree"
},
{
"cve": "CVE-2024-29180",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270863"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webpack-dev-middleware: lack of URL validation may lead to file leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"known_not_affected": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29180"
},
{
"category": "external",
"summary": "RHBZ#2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6",
"url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"
}
],
"release_date": "2024-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-20T00:34:55+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3989"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webpack-dev-middleware: lack of URL validation may lead to file leak"
}
]
}
RHSA-2024_4460
Vulnerability from csaf_redhat - Published: 2024-07-10 15:10 - Updated: 2024-12-17 20:56Summary
Red Hat Security Advisory: Red Hat Data Grid 8.5.0 security update
Severity
Important
Notes
Topic: An update for Red Hat Data Grid 8 is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale.
Data Grid 8.5.0 replaces Data Grid 8.4.8 and includes bug fixes and enhancements. Find out more about Data Grid 8.5.0 in the Release Notes[3].
Security Fix(es):
* CVE-2024-29180 webpack-dev-middleware: lack of URL validation may lead to file leak [jdg-8] (CVE-2024-29180)
* CVE-2024-29025 netty-codec-http: Allocation of Resources Without Limits or Throttling [jdg-8] (CVE-2024-29025)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Data Grid
Red Hat / Red Hat JBoss Data Grid
|
cpe:/a:redhat:jboss_data_grid:8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Data Grid
Red Hat / Red Hat JBoss Data Grid
|
cpe:/a:redhat:jboss_data_grid:8
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Data Grid 8 is now available.\n \nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale.\n \nData Grid 8.5.0 replaces Data Grid 8.4.8 and includes bug fixes and enhancements. Find out more about Data Grid 8.5.0 in the Release Notes[3].\n\nSecurity Fix(es):\n\n* CVE-2024-29180 webpack-dev-middleware: lack of URL validation may lead to file leak [jdg-8] (CVE-2024-29180)\n\n* CVE-2024-29025 netty-codec-http: Allocation of Resources Without Limits or Throttling [jdg-8] (CVE-2024-29025)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4460",
"url": "https://access.redhat.com/errata/RHSA-2024:4460"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.5/html-single/red_hat_data_grid_8.5_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.5/html-single/red_hat_data_grid_8.5_release_notes/index"
},
{
"category": "external",
"summary": "2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "2272907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4460.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Data Grid 8.5.0 security update",
"tracking": {
"current_release_date": "2024-12-17T20:56:45+00:00",
"generator": {
"date": "2024-12-17T20:56:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:4460",
"initial_release_date": "2024-07-10T15:10:43+00:00",
"revision_history": [
{
"date": "2024-07-10T15:10:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-10T15:10:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T20:56:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Data Grid",
"product": {
"name": "Red Hat Data Grid",
"product_id": "Red Hat Data Grid",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_data_grid:8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Data Grid"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-29025",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-04-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2272907"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec-http: Allocation of Resources Without Limits or Throttling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in io.netty:netty-codec-http, allowing for Allocation of Resources Without Limits or Throttling issues, is assessed as moderate severity due to its potential impact on system availability and performance. By exploiting the flaw in HttpPostRequestDecoder, an attacker can craft chunked POST requests with numerous small fields, causing excessive accumulation of data in memory buffers. This unrestricted accumulation can lead to significant memory consumption on the server, potentially exhausting available resources and resulting in denial of service (DoS) conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29025"
},
{
"category": "external",
"summary": "RHBZ#2272907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
},
{
"category": "external",
"summary": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3",
"url": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c",
"url": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v",
"url": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812"
}
],
"release_date": "2024-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-10T15:10:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Data Grid"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4460"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Data Grid"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Data Grid"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec-http: Allocation of Resources Without Limits or Throttling"
},
{
"cve": "CVE-2024-29180",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270863"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webpack-dev-middleware: lack of URL validation may lead to file leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29180"
},
{
"category": "external",
"summary": "RHBZ#2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6",
"url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"
}
],
"release_date": "2024-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-10T15:10:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Data Grid"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4460"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Data Grid"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Data Grid"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webpack-dev-middleware: lack of URL validation may lead to file leak"
}
]
}
RHSA-2024_4520
Vulnerability from csaf_redhat - Published: 2024-07-11 17:32 - Updated: 2024-12-17 22:46Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.16 security and bug fix update
Severity
Important
Notes
Topic: The Migration Toolkit for Containers (MTC) 1.7.16 is now available.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es) from Bugzilla:
* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)
* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)
* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
* golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)
* golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)
* envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood (CVE-2024-30255)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.
5.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64 | — |
Workaround
|
Threats
Impact
Important
A vulnerability was found in how Envoy Proxy implements the HTTP/2 codec. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute resources to cause a Denial of Service.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64 | — |
Workaround
|
Threats
Impact
Moderate
References
51 references
Acknowledgments
nowotarski.info
Bartek Nowotarski
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The Migration Toolkit for Containers (MTC) 1.7.16 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es) from Bugzilla:\n\n* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)\n\n* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)\n\n* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)\n\n* golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)\n\n* golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)\n\n* envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood (CVE-2024-30255)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4520",
"url": "https://access.redhat.com/errata/RHSA-2024:4520"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "2268021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268021"
},
{
"category": "external",
"summary": "2268022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022"
},
{
"category": "external",
"summary": "2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "2272986",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272986"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4520.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.16 security and bug fix update",
"tracking": {
"current_release_date": "2024-12-17T22:46:39+00:00",
"generator": {
"date": "2024-12-17T22:46:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:4520",
"initial_release_date": "2024-07-11T17:32:34+00:00",
"revision_history": [
{
"date": "2024-07-11T17:32:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-11T17:32:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T22:46:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-RHMTC-1.7",
"product": {
"name": "8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.7::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Migration Toolkit"
},
{
"branches": [
{
"category": "product_version",
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"product": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.7.16-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"product": {
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"product_id": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8\u0026tag=v1.7.16-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"product": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.7.16-7"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"product": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.7.16-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"product": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.7.16-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"product": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"product_id": "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8\u0026tag=v1.7.16-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"product": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.7.16-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"product": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"product_id": "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.7.16-7"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"product": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.7.16-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"product": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.7.16-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"product": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.7.16-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.7.16-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.7.16-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.7.16-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.7.16-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.7.16-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64",
"product": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64",
"product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.7.16-5"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64"
},
"product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64"
},
"product_reference": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64"
},
"product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64"
},
"product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64"
},
"product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64"
},
"product_reference": "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64"
},
"product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64"
},
"product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64"
},
"product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64"
},
"product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64"
},
"product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
},
"product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45290",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268017"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Go\u0027s net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45290"
},
{
"category": "external",
"summary": "RHBZ#2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://go.dev/cl/569341",
"url": "https://go.dev/cl/569341"
},
{
"category": "external",
"summary": "https://go.dev/issue/65383",
"url": "https://go.dev/issue/65383"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2599",
"url": "https://pkg.go.dev/vuln/GO-2024-2599"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0004",
"url": "https://security.netapp.com/advisory/ntap-20240329-0004"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-11T17:32:34+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4520"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm"
},
{
"cve": "CVE-2024-24783",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268019"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24783"
},
{
"category": "external",
"summary": "RHBZ#2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp",
"url": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp"
},
{
"category": "external",
"summary": "https://go.dev/cl/569339",
"url": "https://go.dev/cl/569339"
},
{
"category": "external",
"summary": "https://go.dev/issue/65390",
"url": "https://go.dev/issue/65390"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2598",
"url": "https://pkg.go.dev/vuln/GO-2024-2598"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0005",
"url": "https://security.netapp.com/advisory/ntap-20240329-0005"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-11T17:32:34+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4520"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm"
},
{
"cve": "CVE-2024-24784",
"cwe": {
"id": "CWE-115",
"name": "Misinterpretation of Input"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268021"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/mail: comments in display names are incorrectly handled",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24784"
},
{
"category": "external",
"summary": "RHBZ#2268021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268021"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24784"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-11T17:32:34+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4520"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/mail: comments in display names are incorrectly handled"
},
{
"cve": "CVE-2024-24785",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: errors returned from MarshalJSON methods may break template escaping",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24785"
},
{
"category": "external",
"summary": "RHBZ#2268022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785"
},
{
"category": "external",
"summary": "https://go.dev/cl/564196",
"url": "https://go.dev/cl/564196"
},
{
"category": "external",
"summary": "https://go.dev/issue/65697",
"url": "https://go.dev/issue/65697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2024-2610.json",
"url": "https://vuln.go.dev/ID/GO-2024-2610.json"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-11T17:32:34+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4520"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping"
},
{
"cve": "CVE-2024-29180",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270863"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webpack-dev-middleware: lack of URL validation may lead to file leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29180"
},
{
"category": "external",
"summary": "RHBZ#2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6",
"url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"
}
],
"release_date": "2024-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-11T17:32:34+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4520"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webpack-dev-middleware: lack of URL validation may lead to file leak"
},
{
"acknowledgments": [
{
"names": [
"Bartek Nowotarski"
],
"organization": "nowotarski.info"
}
],
"cve": "CVE-2024-30255",
"cwe": {
"id": "CWE-390",
"name": "Detection of Error Condition Without Action"
},
"discovery_date": "2024-04-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2272986"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in how Envoy Proxy implements the HTTP/2 codec. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute resources to cause a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates the security impact of this vulnerability as Moderate, in alignment with upstream Envoy. The worst case scenario is excessive CPU utilization causing a denial of service. Once an attack has ended, the system should return to normal operations on its own.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30255"
},
{
"category": "external",
"summary": "RHBZ#2272986",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272986"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30255"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30255",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30255"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm"
},
{
"category": "external",
"summary": "https://nowotarski.info/http2-continuation-flood/",
"url": "https://nowotarski.info/http2-continuation-flood/"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/421644",
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-11T17:32:34+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4520"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood"
}
]
}
RHSA-2024_4873
Vulnerability from csaf_redhat - Published: 2024-07-25 15:04 - Updated: 2024-12-18 04:36Summary
Red Hat Security Advisory: Apicurio Registry (container images) release and security update [ 2.6.1 GA ]
Severity
Important
Notes
Topic: An update to the images for Red Hat build of Apicurio Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: This release of Red Hat build of Apicurio Registry 2.6.1 GA includes the following security fixes.
Security Fix(es):
* webpack-dev-middleware: lack of URL validation may lead to file leak [rhint-serv-2] (CVE-2024-29180)
* express: cause malformed URLs to be evaluated [rhint-serv-2](CVE-2024-29041)
* jetty: stop accepting new connections from valid clients [rhint-serv-2] (CVE-2024-22201)
* jose4j: denial of service via specially crafted JWE [rhint-serv-2] (CVE-2023-51775)
* quarkus-core: Leak of local configuration properties into Quarkus applications [rhint-serv-2] (CVE-2024-2700)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the jose.4.j (jose4j) library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down the key derivation function, making password brute-force and dictionary attacks more resource-intensive. However, if an attacker sets the p2c parameter in JWE to a large number, it can cause high computational consumption, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apicurio Registry 2.6.1 GA
Red Hat / Red Hat Integration
|
cpe:/a:redhat:apicurio_registry:2.6
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.
7.0 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apicurio Registry 2.6.1 GA
Red Hat / Red Hat Integration
|
cpe:/a:redhat:apicurio_registry:2.6
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apicurio Registry 2.6.1 GA
Red Hat / Red Hat Integration
|
cpe:/a:redhat:apicurio_registry:2.6
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.
6.1 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apicurio Registry 2.6.1 GA
Red Hat / Red Hat Integration
|
cpe:/a:redhat:apicurio_registry:2.6
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apicurio Registry 2.6.1 GA
Red Hat / Red Hat Integration
|
cpe:/a:redhat:apicurio_registry:2.6
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
37 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update to the images for Red Hat build of Apicurio Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat build of Apicurio Registry 2.6.1 GA includes the following security fixes.\n\nSecurity Fix(es):\n\n* webpack-dev-middleware: lack of URL validation may lead to file leak [rhint-serv-2] (CVE-2024-29180)\n\n* express: cause malformed URLs to be evaluated [rhint-serv-2](CVE-2024-29041)\n\n* jetty: stop accepting new connections from valid clients [rhint-serv-2] (CVE-2024-22201)\n\n* jose4j: denial of service via specially crafted JWE [rhint-serv-2] (CVE-2023-51775)\n\n* quarkus-core: Leak of local configuration properties into Quarkus applications [rhint-serv-2] (CVE-2024-2700)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4873",
"url": "https://access.redhat.com/errata/RHSA-2024:4873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2266136",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136"
},
{
"category": "external",
"summary": "2266921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266921"
},
{
"category": "external",
"summary": "2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "2273281",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273281"
},
{
"category": "external",
"summary": "2290901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4873.json"
}
],
"title": "Red Hat Security Advisory: Apicurio Registry (container images) release and security update [ 2.6.1 GA ]",
"tracking": {
"current_release_date": "2024-12-18T04:36:56+00:00",
"generator": {
"date": "2024-12-18T04:36:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:4873",
"initial_release_date": "2024-07-25T15:04:49+00:00",
"revision_history": [
{
"date": "2024-07-25T15:04:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-25T15:04:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T04:36:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Apicurio Registry 2.6.1 GA",
"product": {
"name": "Red Hat build of Apicurio Registry 2.6.1 GA",
"product_id": "Red Hat build of Apicurio Registry 2.6.1 GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:apicurio_registry:2.6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Integration"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-51775",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2266921"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jose.4.j (jose4j) library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down the key derivation function, making password brute-force and dictionary attacks more resource-intensive. However, if an attacker sets the p2c parameter in JWE to a large number, it can cause high computational consumption, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jose4j: denial of service via specially crafted JWE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in the jose4j library, where the \"p2c\" parameter in PBKDF2-based JWE key management algorithms can be manipulated to induce high computational consumption, is classified as moderate severity due to its potential impact on service availability and resource exhaustion. By setting a large value for \"p2c\", an attacker can force the server to perform an excessive number of PBKDF2 iterations during key derivation. This results in increased CPU and memory usage, potentially leading to degraded performance or temporary denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apicurio Registry 2.6.1 GA"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-51775"
},
{
"category": "external",
"summary": "RHBZ#2266921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266921"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-51775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51775"
}
],
"release_date": "2024-02-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-25T15:04:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apicurio Registry 2.6.1 GA"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4873"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apicurio Registry 2.6.1 GA"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apicurio Registry 2.6.1 GA"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jose4j: denial of service via specially crafted JWE"
},
{
"cve": "CVE-2024-2700",
"cwe": {
"id": "CWE-526",
"name": "Cleartext Storage of Sensitive Information in an Environment Variable"
},
"discovery_date": "2024-04-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2273281"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application\u0027s build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "quarkus-core: Leak of local configuration properties into Quarkus applications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as a Moderate impact vulnerability since this requires an attacker to have direct access to the environment variables to override, and the application must use that environment variable to be jeopardized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apicurio Registry 2.6.1 GA"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-2700"
},
{
"category": "external",
"summary": "RHBZ#2273281",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273281"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-2700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2700"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2700",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2700"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-25T15:04:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apicurio Registry 2.6.1 GA"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4873"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability. Please update as the patches become available.",
"product_ids": [
"Red Hat build of Apicurio Registry 2.6.1 GA"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apicurio Registry 2.6.1 GA"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "quarkus-core: Leak of local configuration properties into Quarkus applications"
},
{
"cve": "CVE-2024-22201",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2266136"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: stop accepting new connections from valid clients",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apicurio Registry 2.6.1 GA"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-22201"
},
{
"category": "external",
"summary": "RHBZ#2266136",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/issues/11256",
"url": "https://github.com/jetty/jetty.project/issues/11256"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98"
}
],
"release_date": "2024-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-25T15:04:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apicurio Registry 2.6.1 GA"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4873"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apicurio Registry 2.6.1 GA"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apicurio Registry 2.6.1 GA"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: stop accepting new connections from valid clients"
},
{
"cve": "CVE-2024-29041",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2024-06-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2290901"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: cause malformed URLs to be evaluated",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apicurio Registry 2.6.1 GA"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29041"
},
{
"category": "external",
"summary": "RHBZ#2290901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041"
},
{
"category": "external",
"summary": "https://expressjs.com/en/4x/api.html#res.location",
"url": "https://expressjs.com/en/4x/api.html#res.location"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd",
"url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94",
"url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/pull/5539",
"url": "https://github.com/expressjs/express/pull/5539"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc",
"url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc"
},
{
"category": "external",
"summary": "https://github.com/koajs/koa/issues/1800",
"url": "https://github.com/koajs/koa/issues/1800"
}
],
"release_date": "2024-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-25T15:04:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apicurio Registry 2.6.1 GA"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4873"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat build of Apicurio Registry 2.6.1 GA"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apicurio Registry 2.6.1 GA"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "express: cause malformed URLs to be evaluated"
},
{
"cve": "CVE-2024-29180",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270863"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webpack-dev-middleware: lack of URL validation may lead to file leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apicurio Registry 2.6.1 GA"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29180"
},
{
"category": "external",
"summary": "RHBZ#2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6",
"url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"
}
],
"release_date": "2024-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-25T15:04:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apicurio Registry 2.6.1 GA"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4873"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apicurio Registry 2.6.1 GA"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apicurio Registry 2.6.1 GA"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webpack-dev-middleware: lack of URL validation may lead to file leak"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…