CVE-2024-34155 (GCVE-0-2024-34155)
Vulnerability from cvelistv5 – Published: 2024-09-06 20:42 – Updated: 2024-11-04 16:59
Title
Stack exhaustion in all Parse functions in go/parser
Summary
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-674 - Uncontrolled Recursion
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Go standard library | go/parser | Affected: 0, < 1.22.7 (semver); Affected: 1.23.0-0, < 1.23.1 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-34155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T13:55:36.320331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T16:59:31.685Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-26T15:03:07.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240926-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "go/parser",
"product": "go/parser",
"programRoutines": [
{
"name": "parser.parseLiteralValue"
},
{
"name": "ParseDir"
},
{
"name": "ParseExpr"
},
{
"name": "ParseExprFrom"
},
{
"name": "ParseFile"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.22.7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.23.1",
"status": "affected",
"version": "1.23.0-0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:42:42.518Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/611238"
},
{
"url": "https://go.dev/issue/69138"
},
{
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"url": "https://pkg.go.dev/vuln/GO-2024-3105"
}
],
"title": "Stack exhaustion in all Parse functions in go/parser"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2024-34155",
"datePublished": "2024-09-06T20:42:42.518Z",
"dateReserved": "2024-05-01T18:45:34.846Z",
"dateUpdated": "2024-11-04T16:59:31.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-34155",
"date": "2026-06-29",
"epss": "0.00839",
"percentile": "0.53216"
},
"fkie_nvd": {
"id": "CVE-2024-34155",
"lastModified": "2024-11-21T09:18:12.633",
"published": "2024-09-06T21:15:11.947",
"sourceIdentifier": "security@golang.org",
"vulnStatus": "Awaiting Analysis"
}
}
}
WID-SEC-W-2024-2067
Vulnerability from csaf_certbund - Published: 2024-09-05 22:00 - Updated: 2026-05-05 22:00
Summary
Golang Go: Multiple vulnerabilities allow denial of service
Severity
Medium
Notes
The BSI, as provider, is responsible under general law for its own content made available for use. Users are, however, responsible for carefully checking, case by case, the use and/or implementation of the information provided with the content.
Product description: Go is an open-source programming language.
Attack: A remote attacker can exploit multiple vulnerabilities in Golang Go to carry out a denial-of-service attack.
Affected operating systems:
- Other
- UNIX
- Windows
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Golang Go <1.22.7 (Golang / Go) | | <1.22.7 | |
| Red Hat Enterprise Linux Quay <3.16.0 (Red Hat / Enterprise Linux) | | Quay <3.16.0 | |
| Red Hat Enterprise Linux (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:- | — | |
| Red Hat Enterprise Linux Cryostat 3 (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:cryostat_3 | Cryostat 3 | |
| IBM Business Automation Workflow <24.0.1-IF002 (IBM / Business Automation Workflow) | | <24.0.1-IF002 | |
| IBM Business Automation Workflow <24.0.0-IF005 (IBM / Business Automation Workflow) | | <24.0.0-IF005 | |
| Xerox FreeFlow Print Server 9 (Xerox / FreeFlow Print Server) | cpe:/a:xerox:freeflow_print_server:9 | 9 | |
| Golang Go <1.23.1 (Golang / Go) | | <1.23.1 | |
| Oracle Linux (Oracle) | cpe:/o:oracle:linux:- | — | |
| RESF Rocky Linux (RESF) | cpe:/o:resf:rocky_linux:- | — | |
| Red Hat OpenShift API for Data Protection 1 (Red Hat / OpenShift) | cpe:/a:redhat:openshift:api_for_data_protection_1 | API for Data Protection 1 | |
| Splunk Splunk Enterprise <9.3.4 (Splunk / Splunk Enterprise) | | <9.3.4 | |
| Splunk Splunk Enterprise <9.4.2 (Splunk / Splunk Enterprise) | | <9.4.2 | |
| IBM Spectrum Protect Plus <10.1.6.4 (IBM / Spectrum Protect Plus) | | <10.1.6.4 | |
| Red Hat OpenStack 17.1 (Red Hat / OpenStack) | cpe:/a:redhat:openstack:17.1 | 17.1 | |
| Splunk Splunk Enterprise <9.2.6 (Splunk / Splunk Enterprise) | | <9.2.6 | |
| SUSE Linux (SUSE) | cpe:/o:suse:suse_linux:- | — | |
| Ubuntu Linux (Ubuntu) | cpe:/o:canonical:ubuntu_linux:- | — | |
| SUSE openSUSE (SUSE) | cpe:/o:suse:opensuse:- | — | |
| Splunk Splunk Enterprise <9.1.9 (Splunk / Splunk Enterprise) | | <9.1.9 | |
| Amazon Linux 2 (Amazon) | cpe:/o:amazon:linux_2:- | — | |
References
142 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Go ist eine quelloffene Programmiersprache.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter Angreifer kann mehrere Schwachstellen in Golang Go ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-2067 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2067.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-2067 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2067"
},
{
"category": "external",
"summary": "Google Groups Golang Announce vom 2024-09-05",
"url": "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc"
},
{
"category": "external",
"summary": "OSS Security Mailing List vom 2024-09-05",
"url": "https://seclists.org/oss-sec/2024/q3/248"
},
{
"category": "external",
"summary": "golang/go GitHub vom 2024-09-05",
"url": "https://go.dev/issue/69138"
},
{
"category": "external",
"summary": "golang/go GitHub vom 2024-09-05",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "golang/go GitHub vom 2024-09-05",
"url": "https://go.dev/issue/69141"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3196-1 vom 2024-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019410.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3197-1 vom 2024-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019409.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3214-1 vom 2024-09-12",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/IPEONFWNX7YQGJBYPCZAUZCZ2WXIQW62/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3213-1 vom 2024-09-12",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/DHMLLZUAU3JK37745OCU5XWTW5Z4B4Y6/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6913 vom 2024-09-23",
"url": "https://access.redhat.com/errata/RHSA-2024:6913"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6914 vom 2024-09-23",
"url": "https://access.redhat.com/errata/RHSA-2024:6914"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6908 vom 2024-09-23",
"url": "https://access.redhat.com/errata/RHSA-2024:6908"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6912 vom 2024-09-23",
"url": "https://access.redhat.com/errata/RHSA-2024:6912"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6946 vom 2024-09-23",
"url": "https://access.redhat.com/errata/RHSA-2024:6946"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-6946 vom 2024-09-24",
"url": "https://linux.oracle.com/errata/ELSA-2024-6946.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6947 vom 2024-09-23",
"url": "https://access.redhat.com/errata/RHSA-2024:6947"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-6908 vom 2024-09-23",
"url": "https://linux.oracle.com/errata/ELSA-2024-6908.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-6947 vom 2024-09-24",
"url": "https://linux.oracle.com/errata/ELSA-2024-6947.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-6913 vom 2024-09-24",
"url": "http://linux.oracle.com/errata/ELSA-2024-6913.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7102 vom 2024-09-25",
"url": "https://access.redhat.com/errata/RHSA-2024:7102"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7136 vom 2024-09-25",
"url": "https://access.redhat.com/errata/RHSA-2024:7136"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-7136 vom 2024-09-26",
"url": "https://linux.oracle.com/errata/ELSA-2024-7136.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-7135 vom 2024-09-26",
"url": "https://linux.oracle.com/errata/ELSA-2024-7135.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7135 vom 2024-09-25",
"url": "https://access.redhat.com/errata/RHSA-2024:7135"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7103 vom 2024-09-25",
"url": "https://access.redhat.com/errata/RHSA-2024:7103"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7202 vom 2024-09-26",
"url": "https://access.redhat.com/errata/RHSA-2024:7202"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7204 vom 2024-09-26",
"url": "https://access.redhat.com/errata/RHSA-2024:7204"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7206 vom 2024-09-26",
"url": "https://access.redhat.com/errata/RHSA-2024:7206"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-7204 vom 2024-09-27",
"url": "https://linux.oracle.com/errata/ELSA-2024-7204.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7261 vom 2024-09-26",
"url": "https://access.redhat.com/errata/RHSA-2024:7261"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7262 vom 2024-09-26",
"url": "https://access.redhat.com/errata/RHSA-2024:7262"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7205 vom 2024-09-26",
"url": "https://access.redhat.com/errata/RHSA-2024:7205"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7207 vom 2024-09-26",
"url": "https://access.redhat.com/errata/RHSA-2024:7207"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7208 vom 2024-09-26",
"url": "https://access.redhat.com/errata/RHSA-2024:7208"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-7262 vom 2024-09-28",
"url": "https://linux.oracle.com/errata/ELSA-2024-7262.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7350 vom 2024-09-30",
"url": "https://access.redhat.com/errata/RHSA-2024:7350"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7351 vom 2024-09-30",
"url": "https://access.redhat.com/errata/RHSA-2024:7351"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:6947 vom 2024-09-30",
"url": "https://errata.build.resf.org/RLSA-2024:6947"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:6946 vom 2024-09-30",
"url": "https://errata.build.resf.org/RLSA-2024:6946"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:6913 vom 2024-09-30",
"url": "https://errata.build.resf.org/RLSA-2024:6913"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:7136 vom 2024-09-30",
"url": "https://errata.build.resf.org/RLSA-2024:7136"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:7204 vom 2024-09-30",
"url": "https://errata.build.resf.org/RLSA-2024:7204"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7456 vom 2024-10-01",
"url": "https://access.redhat.com/errata/RHSA-2024:7456"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7487 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:7487"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7485 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:7485"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7449 vom 2024-10-01",
"url": "https://access.redhat.com/errata/RHSA-2024:7449"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7488 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:7488"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7455 vom 2024-10-01",
"url": "https://access.redhat.com/errata/RHSA-2024:7455"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2643 vom 2024-10-02",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2643.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7769 vom 2024-10-07",
"url": "https://access.redhat.com/errata/RHSA-2024:7769"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7821 vom 2024-10-08",
"url": "https://access.redhat.com/errata/RHSA-2024:7821"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7794 vom 2024-10-08",
"url": "https://access.redhat.com/errata/RHSA-2024:7794"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7792 vom 2024-10-08",
"url": "https://access.redhat.com/errata/RHSA-2024:7792"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7819 vom 2024-10-08",
"url": "https://access.redhat.com/errata/RHSA-2024:7819"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7822 vom 2024-10-08",
"url": "https://access.redhat.com/errata/RHSA-2024:7822"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7793 vom 2024-10-08",
"url": "https://access.redhat.com/errata/RHSA-2024:7793"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7791 vom 2024-10-08",
"url": "https://access.redhat.com/errata/RHSA-2024:7791"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7818 vom 2024-10-08",
"url": "https://access.redhat.com/errata/RHSA-2024:7818"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7820 vom 2024-10-08",
"url": "https://access.redhat.com/errata/RHSA-2024:7820"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7852 vom 2024-10-09",
"url": "https://access.redhat.com/errata/RHSA-2024:7852"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:14392-1 vom 2024-10-10",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VKQV4GKNNP3RDIDOADDTNIWK2GWHEQ46/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8039 vom 2024-10-14",
"url": "https://access.redhat.com/errata/RHSA-2024:8039"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8038 vom 2024-10-14",
"url": "https://access.redhat.com/errata/RHSA-2024:8038"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-8038 vom 2024-10-15",
"url": "https://linux.oracle.com/errata/ELSA-2024-8038.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-8039 vom 2024-10-14",
"url": "https://linux.oracle.com/errata/ELSA-2024-8039.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8110 vom 2024-10-15",
"url": "https://access.redhat.com/errata/RHSA-2024:8110"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8112 vom 2024-10-15",
"url": "https://access.redhat.com/errata/RHSA-2024:8112"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-8112 vom 2024-10-15",
"url": "https://linux.oracle.com/errata/ELSA-2024-8112.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-8110 vom 2024-10-15",
"url": "https://linux.oracle.com/errata/ELSA-2024-8110.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-8111 vom 2024-10-15",
"url": "https://linux.oracle.com/errata/ELSA-2024-8111.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7081-1 vom 2024-10-23",
"url": "https://ubuntu.com/security/notices/USN-7081-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8329 vom 2024-10-22",
"url": "https://access.redhat.com/errata/RHSA-2024:8329"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8315 vom 2024-10-23",
"url": "https://access.redhat.com/errata/RHSA-2024:8315"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8314 vom 2024-10-23",
"url": "https://access.redhat.com/errata/RHSA-2024:8314"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8317 vom 2024-10-23",
"url": "https://access.redhat.com/errata/RHSA-2024:8317"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8318 vom 2024-10-23",
"url": "https://access.redhat.com/errata/RHSA-2024:8318"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:8111 vom 2024-10-25",
"url": "https://errata.build.resf.org/RLSA-2024:8111"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:8039 vom 2024-10-25",
"url": "https://errata.build.resf.org/RLSA-2024:8039"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:8038 vom 2024-10-25",
"url": "https://errata.build.resf.org/RLSA-2024:8038"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:8110 vom 2024-10-25",
"url": "https://errata.build.resf.org/RLSA-2024:8110"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3772-1 vom 2024-10-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019688.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3773-1 vom 2024-10-29",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5FQIPPI5C7ESB64AZAINR4HNOUP7FS36/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3809-1 vom 2024-10-30",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/M53WWN7UZXP3TU6VZGQOUL3C6XT5KIQA/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8692 vom 2024-11-07",
"url": "https://access.redhat.com/errata/RHSA-2024:8692"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8688 vom 2024-11-06",
"url": "https://access.redhat.com/errata/RHSA-2024:8688"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3937-1 vom 2024-11-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019792.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3938-1 vom 2024-11-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019791.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9459 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9459"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9456 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9456"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9473 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9473"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9472 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9472"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9454 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9454"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9485 vom 2024-11-13",
"url": "https://access.redhat.com/errata/RHSA-2024:9485"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7109-1 vom 2024-11-14",
"url": "https://ubuntu.com/security/notices/USN-7109-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7111-1 vom 2024-11-14",
"url": "https://ubuntu.com/security/notices/USN-7111-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8219 vom 2024-11-18",
"url": "https://access.redhat.com/errata/RHSA-2024:8219"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9960 vom 2024-11-19",
"url": "https://access.redhat.com/errata/RHSA-2024:9960"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-9472 vom 2024-11-21",
"url": "https://linux.oracle.com/errata/ELSA-2024-9472.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-9454 vom 2024-11-21",
"url": "https://linux.oracle.com/errata/ELSA-2024-9454.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-9473 vom 2024-11-21",
"url": "https://linux.oracle.com/errata/ELSA-2024-9473.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-9456 vom 2024-11-21",
"url": "https://linux.oracle.com/errata/ELSA-2024-9456.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:14520-1 vom 2024-11-25",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M2XL2GIFLLA5UEYWJGZCWOIWYC4LD5JE/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10883 vom 2024-12-09",
"url": "https://access.redhat.com/errata/RHSA-2024:10883"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10906 vom 2024-12-10",
"url": "https://access.redhat.com/errata/RHSA-2024:10906"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:11217 vom 2024-12-17",
"url": "https://access.redhat.com/errata/RHSA-2024:11217"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:11216 vom 2024-12-17",
"url": "https://access.redhat.com/errata/RHSA-2024:11216"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-11216 vom 2024-12-19",
"url": "https://linux.oracle.com/errata/ELSA-2024-11216.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-11217 vom 2024-12-19",
"url": "https://linux.oracle.com/errata/ELSA-2024-11217.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7180361 vom 2025-01-07",
"url": "https://www.ibm.com/support/pages/node/7180361"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0203 vom 2025-01-09",
"url": "https://access.redhat.com/errata/RHSA-2025:0203"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0771 vom 2025-01-28",
"url": "https://access.redhat.com/errata/RHSA-2025:0771"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1190 vom 2025-02-10",
"url": "https://access.redhat.com/errata/RHSA-2025:1190"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2025-2779 vom 2025-03-07",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2779.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3773 vom 2025-04-10",
"url": "https://access.redhat.com/errata/RHSA-2025:3773"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-3773 vom 2025-04-10",
"url": "https://linux.oracle.com/errata/ELSA-2025-3773.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2025-1971 vom 2025-04-17",
"url": "https://alas.aws.amazon.com/ALAS-2025-1971.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4240 vom 2025-04-28",
"url": "https://access.redhat.com/errata/RHSA-2025:4240"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7232437 vom 2025-05-03",
"url": "https://www.ibm.com/support/pages/node/7232437"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:7118 vom 2025-05-13",
"url": "https://access.redhat.com/errata/RHSA-2025:7118"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-7967 vom 2025-05-21",
"url": "https://linux.oracle.com/errata/ELSA-2025-7967.html"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX25-012 vom 2025-06-02",
"url": "https://security.business.xerox.com/wp-content/uploads/2025/06/Xerox-Security-Bulletin-XRX25-012-for-Xerox-FreeFlow-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2025-0603 vom 2025-06-02",
"url": "https://advisory.splunk.com//advisories/SVD-2025-0603"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9776 vom 2025-06-26",
"url": "https://access.redhat.com/errata/RHSA-2025:9776"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:3773 vom 2025-07-29",
"url": "https://errata.build.resf.org/RLSA-2025:3773"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-19566 vom 2025-11-04",
"url": "https://linux.oracle.com/errata/ELSA-2025-19566.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22287 vom 2025-11-27",
"url": "https://access.redhat.com/errata/RHSA-2025:22287"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23028 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23028"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23060 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23060"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23064 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23064"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23059 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23059"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23061 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23061"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23176 vom 2025-12-15",
"url": "https://access.redhat.com/errata/RHSA-2025:23176"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23546 vom 2025-12-17",
"url": "https://access.redhat.com/errata/RHSA-2025:23546"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1730 vom 2026-02-02",
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-1837 vom 2026-02-04",
"url": "https://linux.oracle.com/errata/ELSA-2026-1837.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2762 vom 2026-02-16",
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2681 vom 2026-02-16",
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2754 vom 2026-02-16",
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-3752 vom 2026-03-05",
"url": "https://linux.oracle.com/errata/ELSA-2026-3752.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-13643 vom 2026-05-06",
"url": "https://linux.oracle.com/errata/ELSA-2026-13643.html"
}
],
"source_lang": "en-US",
"title": "Golang Go: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2026-05-05T22:00:00.000+00:00",
"generator": {
"date": "2026-05-06T09:11:39.156+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2024-2067",
"initial_release_date": "2024-09-05T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-09-05T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-09-10T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-09-12T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-09-22T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-23T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-09-24T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-09-25T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-09-26T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2024-09-29T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2024-09-30T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-10-01T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-03T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-10-07T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-08T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-09T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-10T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2024-10-13T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-14T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-10-15T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-10-22T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Ubuntu und Red Hat aufgenommen"
},
{
"date": "2024-10-23T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-27T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-10-29T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-10-30T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-11-06T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-07T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-11-11T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-13T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-14T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-11-17T23:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-18T23:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-20T23:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-11-21T23:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-11-25T23:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2024-12-09T23:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-16T23:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-19T23:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-01-06T23:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-01-09T23:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-01-28T23:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-09T23:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-03-09T23:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-04-09T22:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-04-10T22:00:00.000+00:00",
"number": "44",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-04-21T22:00:00.000+00:00",
"number": "45",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-04-27T22:00:00.000+00:00",
"number": "46",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-05-04T22:00:00.000+00:00",
"number": "47",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-05-12T22:00:00.000+00:00",
"number": "48",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-05-20T22:00:00.000+00:00",
"number": "49",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-06-02T22:00:00.000+00:00",
"number": "50",
"summary": "Neue Updates von XEROX und Splunk-SVD aufgenommen"
},
{
"date": "2025-06-26T22:00:00.000+00:00",
"number": "51",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-07-29T22:00:00.000+00:00",
"number": "52",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-11-04T23:00:00.000+00:00",
"number": "53",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-11-27T23:00:00.000+00:00",
"number": "54",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-12-09T23:00:00.000+00:00",
"number": "55",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-12-10T23:00:00.000+00:00",
"number": "56",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-12-14T23:00:00.000+00:00",
"number": "57",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-12-17T23:00:00.000+00:00",
"number": "58",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-02T23:00:00.000+00:00",
"number": "59",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-04T23:00:00.000+00:00",
"number": "60",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-02-16T23:00:00.000+00:00",
"number": "61",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-05T23:00:00.000+00:00",
"number": "62",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-05-05T22:00:00.000+00:00",
"number": "63",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "63"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.23.1",
"product": {
"name": "Golang Go \u003c1.23.1",
"product_id": "T037315"
}
},
{
"category": "product_version",
"name": "1.23.1",
"product": {
"name": "Golang Go 1.23.1",
"product_id": "T037315-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:golang:go:1.23.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.22.7",
"product": {
"name": "Golang Go \u003c1.22.7",
"product_id": "T037316"
}
},
{
"category": "product_version",
"name": "1.22.7",
"product": {
"name": "Golang Go 1.22.7",
"product_id": "T037316-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:golang:go:1.22.7"
}
}
}
],
"category": "product_name",
"name": "Go"
}
],
"category": "vendor",
"name": "Golang"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c24.0.1-IF002",
"product": {
"name": "IBM Business Automation Workflow \u003c24.0.1-IF002",
"product_id": "T043290"
}
},
{
"category": "product_version",
"name": "24.0.1-IF002",
"product": {
"name": "IBM Business Automation Workflow 24.0.1-IF002",
"product_id": "T043290-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:24.0.1-if002"
}
}
},
{
"category": "product_version_range",
"name": "\u003c24.0.0-IF005",
"product": {
"name": "IBM Business Automation Workflow \u003c24.0.0-IF005",
"product_id": "T043291"
}
},
{
"category": "product_version",
"name": "24.0.0-IF005",
"product": {
"name": "IBM Business Automation Workflow 24.0.0-IF005",
"product_id": "T043291-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:24.0.0-if005"
}
}
}
],
"category": "product_name",
"name": "Business Automation Workflow"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.1.6.4",
"product": {
"name": "IBM Spectrum Protect Plus \u003c10.1.6.4",
"product_id": "T040030"
}
},
{
"category": "product_version",
"name": "10.1.6.4",
"product": {
"name": "IBM Spectrum Protect Plus 10.1.6.4",
"product_id": "T040030-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect_plus:10.1.6.4"
}
}
}
],
"category": "product_name",
"name": "Spectrum Protect Plus"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "Cryostat 3",
"product": {
"name": "Red Hat Enterprise Linux Cryostat 3",
"product_id": "T036943",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:cryostat_3"
}
}
},
{
"category": "product_version_range",
"name": "Quay \u003c3.16.0",
"product": {
"name": "Red Hat Enterprise Linux Quay \u003c3.16.0",
"product_id": "T049495"
}
},
{
"category": "product_version",
"name": "Quay 3.16.0",
"product": {
"name": "Red Hat Enterprise Linux Quay 3.16.0",
"product_id": "T049495-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:quay__3.16.0"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "API for Data Protection 1",
"product": {
"name": "Red Hat OpenShift API for Data Protection 1",
"product_id": "T039224",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:api_for_data_protection_1"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "17.1",
"product": {
"name": "Red Hat OpenStack 17.1",
"product_id": "T039385",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:17.1"
}
}
}
],
"category": "product_name",
"name": "OpenStack"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.4.2",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.4.2",
"product_id": "T044257"
}
},
{
"category": "product_version",
"name": "9.4.2",
"product": {
"name": "Splunk Splunk Enterprise 9.4.2",
"product_id": "T044257-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.4.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.3.4",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.3.4",
"product_id": "T044258"
}
},
{
"category": "product_version",
"name": "9.3.4",
"product": {
"name": "Splunk Splunk Enterprise 9.3.4",
"product_id": "T044258-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.3.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.6",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.2.6",
"product_id": "T044259"
}
},
{
"category": "product_version",
"name": "9.2.6",
"product": {
"name": "Splunk Splunk Enterprise 9.2.6",
"product_id": "T044259-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.2.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.1.9",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.1.9",
"product_id": "T044260"
}
},
{
"category": "product_version",
"name": "9.1.9",
"product": {
"name": "Splunk Splunk Enterprise 9.1.9",
"product_id": "T044260-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.1.9"
}
}
}
],
"category": "product_name",
"name": "Splunk Enterprise"
}
],
"category": "vendor",
"name": "Splunk"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "9",
"product": {
"name": "Xerox FreeFlow Print Server 9",
"product_id": "T002977",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:9"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34155",
"product_status": {
"known_affected": [
"T037316",
"T049495",
"67646",
"T036943",
"T043290",
"T043291",
"T002977",
"T037315",
"T004914",
"T032255",
"T039224",
"T044258",
"T044257",
"T040030",
"T039385",
"T044259",
"T002207",
"T000126",
"T027843",
"T044260",
"398363"
]
},
"release_date": "2024-09-05T22:00:00.000+00:00",
"title": "CVE-2024-34155"
},
{
"cve": "CVE-2024-34156",
"product_status": {
"known_affected": [
"T037316",
"T049495",
"67646",
"T036943",
"T043290",
"T043291",
"T002977",
"T037315",
"T004914",
"T032255",
"T039224",
"T044258",
"T044257",
"T040030",
"T039385",
"T044259",
"T002207",
"T000126",
"T027843",
"T044260",
"398363"
]
},
"release_date": "2024-09-05T22:00:00.000+00:00",
"title": "CVE-2024-34156"
},
{
"cve": "CVE-2024-34158",
"product_status": {
"known_affected": [
"T037316",
"T049495",
"67646",
"T036943",
"T043290",
"T043291",
"T002977",
"T037315",
"T004914",
"T032255",
"T039224",
"T044258",
"T044257",
"T040030",
"T039385",
"T044259",
"T002207",
"T000126",
"T027843",
"T044260",
"398363"
]
},
"release_date": "2024-09-05T22:00:00.000+00:00",
"title": "CVE-2024-34158"
}
]
}
WID-SEC-W-2024-3250
Vulnerability from csaf_certbund - Published: 2024-10-21 22:00 - Updated: 2026-02-08 23:00
Summary
Red Hat OpenShift: Multiple vulnerabilities
Severity
Medium
Notes
As a provider, the BSI is responsible under the general laws for its own content that it makes available for use. Users are, however, responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description: Red Hat OpenShift is a "Platform as a Service" (PaaS) solution for deploying applications in the cloud.
Attack: A remote, anonymous attacker can exploit multiple vulnerabilities in Red Hat OpenShift to carry out a denial-of-service attack, manipulate data, disclose confidential information, carry out a cross-site scripting attack, and execute arbitrary code.
Affected operating systems:
- Other
- UNIX
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat OpenShift Data Foundation 4 (Red Hat / OpenShift) | cpe:/a:redhat:openshift:data_foundation_4 | Data Foundation 4 | |
| Red Hat OpenShift Container Platform <4.17.4 (Red Hat / OpenShift) | | Container Platform <4.17.4 | |
| Red Hat Enterprise Linux (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:- | — | |
| Red Hat OpenShift Container Platform <4.17.2 (Red Hat / OpenShift) | | Container Platform <4.17.2 | |
| Atlassian Confluence <10.1.1 (Atlassian / Confluence) | | <10.1.1 | |
| Red Hat OpenShift <4.14.40 (Red Hat / OpenShift) | | <4.14.40 | |
| Red Hat OpenShift Network Observability <1.7.0 (Red Hat / OpenShift) | | Network Observability <1.7.0 | |
| Red Hat OpenShift Container Platform <4.17.15 (Red Hat / OpenShift) | | Container Platform <4.17.15 | |
| Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4 (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4 | Advanced Cluster Security for Kubernetes 4 | |
| Red Hat OpenShift Kube Descheduler Operator 5 (Red Hat / OpenShift) | cpe:/a:redhat:openshift:kube_descheduler_operator_5 | Kube Descheduler Operator 5 | |
| Red Hat OpenShift Data Foundation <4.17.7 (Red Hat / OpenShift) | | Data Foundation <4.17.7 | |
| Red Hat OpenShift Data Foundation <4.14.18 (Red Hat / OpenShift) | | Data Foundation <4.14.18 | |
| Atlassian Confluence <10.0.2 (Atlassian / Confluence) | | <10.0.2 | |
| Red Hat OpenShift Data Foundation <4.14.13 (Red Hat / OpenShift) | | Data Foundation <4.14.13 | |
| Red Hat OpenShift Serverless Logic <1.35.0 (Red Hat / OpenShift) | | Serverless Logic <1.35.0 | |
| Red Hat OpenShift Container Platform <4.18.10 (Red Hat / OpenShift) | | Container Platform <4.18.10 | |
| Atlassian Bitbucket <9.4.13 (LTS) (Atlassian / Bitbucket) | | <9.4.13 (LTS) | |
| Atlassian Bitbucket <8.19.25 (LTS) (Atlassian / Bitbucket) | | <8.19.25 (LTS) | |
| Atlassian Confluence <8.5.25 (Atlassian / Confluence) | | <8.5.25 | |
| Atlassian Bitbucket <10.0.2 (Atlassian / Bitbucket) | | <10.0.2 | |
| Atlassian Confluence <9.2.7 (Atlassian / Confluence) | | <9.2.7 | |
References
39 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, Daten zu manipulieren, vertrauliche Informationen preiszugeben, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3250 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3250.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3250 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3250"
},
{
"category": "external",
"summary": "Red Hat Advisory vom 2024-10-21",
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8229 vom 2024-10-23",
"url": "https://access.redhat.com/errata/RHSA-2024:8229"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8232 vom 2024-10-23",
"url": "https://access.redhat.com/errata/RHSA-2024:8232"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8260 vom 2024-10-24",
"url": "https://access.redhat.com/errata/RHSA-2024:8260"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8263 vom 2024-10-24",
"url": "https://access.redhat.com/errata/RHSA-2024:8263"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8581 vom 2024-10-29",
"url": "https://access.redhat.com/errata/RHSA-2024:8581"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8676 vom 2024-10-30",
"url": "https://access.redhat.com/errata/RHSA-2024:8676"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8425 vom 2024-10-31",
"url": "https://access.redhat.com/errata/RHSA-2024:8425"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8337 vom 2024-10-31",
"url": "https://access.redhat.com/errata/RHSA-2024:8337"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8677 vom 2024-10-30",
"url": "https://access.redhat.com/errata/RHSA-2024:8677"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8428 vom 2024-10-31",
"url": "https://access.redhat.com/errata/RHSA-2024:8428"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8692 vom 2024-11-07",
"url": "https://access.redhat.com/errata/RHSA-2024:8692"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8688 vom 2024-11-06",
"url": "https://access.redhat.com/errata/RHSA-2024:8688"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8697 vom 2024-11-07",
"url": "https://access.redhat.com/errata/RHSA-2024:8697"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8700 vom 2024-11-08",
"url": "https://access.redhat.com/errata/RHSA-2024:8700"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8981 vom 2024-11-13",
"url": "https://access.redhat.com/errata/RHSA-2024:8981"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10186 vom 2024-11-22",
"url": "https://access.redhat.com/errata/RHSA-2024:10186"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8704 vom 2024-12-02",
"url": "https://access.redhat.com/errata/RHSA-2024:8704"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10762 vom 2024-12-03",
"url": "https://access.redhat.com/errata/RHSA-2024:10762"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10865 vom 2024-12-05",
"url": "https://access.redhat.com/errata/RHSA-2024:10865"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10857 vom 2024-12-05",
"url": "https://access.redhat.com/errata/RHSA-2024:10857"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10906 vom 2024-12-10",
"url": "https://access.redhat.com/errata/RHSA-2024:10906"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10895 vom 2024-12-11",
"url": "https://access.redhat.com/errata/RHSA-2024:10895"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:11023 vom 2024-12-12",
"url": "https://access.redhat.com/errata/RHSA-2024:11023"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:11293 vom 2024-12-17",
"url": "https://access.redhat.com/errata/RHSA-2024:11293"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0079 vom 2025-01-08",
"url": "https://access.redhat.com/errata/RHSA-2025:0079"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0164 vom 2025-01-09",
"url": "https://access.redhat.com/errata/RHSA-2025:0164"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0323 vom 2025-01-15",
"url": "https://access.redhat.com/errata/RHSA-2025:0323"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0664 vom 2025-01-23",
"url": "https://access.redhat.com/errata/RHSA-2025:0664"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0875 vom 2025-02-05",
"url": "https://access.redhat.com/errata/RHSA-2025:0875"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4019 vom 2025-04-23",
"url": "https://access.redhat.com/errata/RHSA-2025:4019"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:8059 vom 2025-05-21",
"url": "https://access.redhat.com/errata/RHSA-2025:8059"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:8479 vom 2025-06-04",
"url": "https://access.redhat.com/errata/RHSA-2025:8479"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:8551 vom 2025-06-05",
"url": "https://access.redhat.com/errata/RHSA-2025:8551"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - November 18 2025",
"url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2164 vom 2026-02-05",
"url": "https://access.redhat.com/errata/RHSA-2026:2164"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2172 vom 2026-02-05",
"url": "https://access.redhat.com/errata/RHSA-2026:2172"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-02-08T23:00:00.000+00:00",
"generator": {
"date": "2026-02-09T07:12:49.263+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2024-3250",
"initial_release_date": "2024-10-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-10-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-10-22T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-23T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-29T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-30T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-06T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-07T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-10T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-12T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-21T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-02T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-03T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-05T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-09T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-11T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-12T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-17T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-01-07T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-01-08T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-01-14T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-01-23T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-04T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-04-22T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-05-20T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-03T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-04T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2026-02-05T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-08T23:00:00.000+00:00",
"number": "29",
"summary": "doppelte Eintragung bereinigt"
}
],
"status": "final",
"version": "29"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.2",
"product": {
"name": "Atlassian Bitbucket \u003c10.0.2",
"product_id": "T048675"
}
},
{
"category": "product_version",
"name": "10.0.2",
"product": {
"name": "Atlassian Bitbucket 10.0.2",
"product_id": "T048675-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:10.0.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.19.25 (LTS)",
"product": {
"name": "Atlassian Bitbucket \u003c8.19.25 (LTS)",
"product_id": "T048676"
}
},
{
"category": "product_version",
"name": "8.19.25 (LTS)",
"product": {
"name": "Atlassian Bitbucket 8.19.25 (LTS)",
"product_id": "T048676-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.19.25_%28lts%29"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.13 (LTS)",
"product": {
"name": "Atlassian Bitbucket \u003c9.4.13 (LTS)",
"product_id": "T048677"
}
},
{
"category": "product_version",
"name": "9.4.13 (LTS)",
"product": {
"name": "Atlassian Bitbucket 9.4.13 (LTS)",
"product_id": "T048677-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:9.4.13_%28lts%29"
}
}
}
],
"category": "product_name",
"name": "Bitbucket"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.1.1",
"product": {
"name": "Atlassian Confluence \u003c10.1.1",
"product_id": "T048680"
}
},
{
"category": "product_version",
"name": "10.1.1",
"product": {
"name": "Atlassian Confluence 10.1.1",
"product_id": "T048680-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:10.1.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.0.2",
"product": {
"name": "Atlassian Confluence \u003c10.0.2",
"product_id": "T048685"
}
},
{
"category": "product_version",
"name": "10.0.2",
"product": {
"name": "Atlassian Confluence 10.0.2",
"product_id": "T048685-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:10.0.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.7",
"product": {
"name": "Atlassian Confluence \u003c9.2.7",
"product_id": "T048686"
}
},
{
"category": "product_version",
"name": "9.2.7",
"product": {
"name": "Atlassian Confluence 9.2.7",
"product_id": "T048686-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:9.2.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.25",
"product": {
"name": "Atlassian Confluence \u003c8.5.25",
"product_id": "T048687"
}
},
{
"category": "product_version",
"name": "8.5.25",
"product": {
"name": "Atlassian Confluence 8.5.25",
"product_id": "T048687-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.5.25"
}
}
}
],
"category": "product_name",
"name": "Confluence"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "Advanced Cluster Security for Kubernetes 4",
"product": {
"name": "Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4",
"product_id": "T027916",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "Data Foundation 4",
"product": {
"name": "Red Hat OpenShift Data Foundation 4",
"product_id": "T028133",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:data_foundation_4"
}
}
},
{
"category": "product_version",
"name": "Kube Descheduler Operator 5",
"product": {
"name": "Red Hat OpenShift Kube Descheduler Operator 5",
"product_id": "T033270",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:kube_descheduler_operator_5"
}
}
},
{
"category": "product_version_range",
"name": "Network Observability \u003c1.7.0",
"product": {
"name": "Red Hat OpenShift Network Observability \u003c1.7.0",
"product_id": "T038514"
}
},
{
"category": "product_version",
"name": "Network Observability 1.7.0",
"product": {
"name": "Red Hat OpenShift Network Observability 1.7.0",
"product_id": "T038514-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:network_observability__1.7.0"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.17.2",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.17.2",
"product_id": "T038527"
}
},
{
"category": "product_version",
"name": "Container Platform 4.17.2",
"product": {
"name": "Red Hat OpenShift Container Platform 4.17.2",
"product_id": "T038527-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.17.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.14.40",
"product": {
"name": "Red Hat OpenShift \u003c4.14.40",
"product_id": "T038844"
}
},
{
"category": "product_version",
"name": "4.14.40",
"product": {
"name": "Red Hat OpenShift 4.14.40",
"product_id": "T038844-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.14.40"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.17.4",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.17.4",
"product_id": "T038989"
}
},
{
"category": "product_version",
"name": "Container Platform 4.17.4",
"product": {
"name": "Red Hat OpenShift Container Platform 4.17.4",
"product_id": "T038989-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.17.4"
}
}
},
{
"category": "product_version_range",
"name": "Data Foundation \u003c4.14.13",
"product": {
"name": "Red Hat OpenShift Data Foundation \u003c4.14.13",
"product_id": "T040215"
}
},
{
"category": "product_version",
"name": "Data Foundation 4.14.13",
"product": {
"name": "Red Hat OpenShift Data Foundation 4.14.13",
"product_id": "T040215-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:data_foundation__4.14.13"
}
}
},
{
"category": "product_version_range",
"name": "Serverless Logic \u003c1.35.0",
"product": {
"name": "Red Hat OpenShift Serverless Logic \u003c1.35.0",
"product_id": "T040597"
}
},
{
"category": "product_version",
"name": "Serverless Logic 1.35.0",
"product": {
"name": "Red Hat OpenShift Serverless Logic 1.35.0",
"product_id": "T040597-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:serverless_logic__1.35.0"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.17.15",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.17.15",
"product_id": "T040819"
}
},
{
"category": "product_version",
"name": "Container Platform 4.17.15",
"product": {
"name": "Red Hat OpenShift Container Platform 4.17.15",
"product_id": "T040819-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.17.15"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.18.10",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.18.10",
"product_id": "T043077"
}
},
{
"category": "product_version",
"name": "Container Platform 4.18.10",
"product": {
"name": "Red Hat OpenShift Container Platform 4.18.10",
"product_id": "T043077-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.18.10"
}
}
},
{
"category": "product_version_range",
"name": "Data Foundation \u003c4.17.7",
"product": {
"name": "Red Hat OpenShift Data Foundation \u003c4.17.7",
"product_id": "T044019"
}
},
{
"category": "product_version",
"name": "Data Foundation 4.17.7",
"product": {
"name": "Red Hat OpenShift Data Foundation 4.17.7",
"product_id": "T044019-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:data_foundation__4.17.7"
}
}
},
{
"category": "product_version_range",
"name": "Data Foundation \u003c4.14.18",
"product": {
"name": "Red Hat OpenShift Data Foundation \u003c4.14.18",
"product_id": "T044338"
}
},
{
"category": "product_version",
"name": "Data Foundation 4.14.18",
"product": {
"name": "Red Hat OpenShift Data Foundation 4.14.18",
"product_id": "T044338-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:data_foundation__4.14.18"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34155",
"product_status": {
"known_affected": [
"T028133",
"T038989",
"67646",
"T038527",
"T048680",
"T038844",
"T038514",
"T040819",
"T027916",
"T033270",
"T044019",
"T044338",
"T048685",
"T040215",
"T040597",
"T043077",
"T048677",
"T048676",
"T048687",
"T048675",
"T048686"
]
},
"release_date": "2024-10-21T22:00:00.000+00:00",
"title": "CVE-2024-34155"
},
{
"cve": "CVE-2024-34156",
"product_status": {
"known_affected": [
"T028133",
"T038989",
"67646",
"T038527",
"T048680",
"T038844",
"T038514",
"T040819",
"T027916",
"T033270",
"T044019",
"T044338",
"T048685",
"T040215",
"T040597",
"T043077",
"T048677",
"T048676",
"T048687",
"T048675",
"T048686"
]
},
"release_date": "2024-10-21T22:00:00.000+00:00",
"title": "CVE-2024-34156"
},
{
"cve": "CVE-2024-34158",
"product_status": {
"known_affected": [
"T028133",
"T038989",
"67646",
"T038527",
"T048680",
"T038844",
"T038514",
"T040819",
"T027916",
"T033270",
"T044019",
"T044338",
"T048685",
"T040215",
"T040597",
"T043077",
"T048677",
"T048676",
"T048687",
"T048675",
"T048686"
]
},
"release_date": "2024-10-21T22:00:00.000+00:00",
"title": "CVE-2024-34158"
},
{
"cve": "CVE-2024-39338",
"product_status": {
"known_affected": [
"T028133",
"T038989",
"67646",
"T038527",
"T048680",
"T038844",
"T038514",
"T040819",
"T027916",
"T033270",
"T044019",
"T044338",
"T048685",
"T040215",
"T040597",
"T043077",
"T048677",
"T048676",
"T048687",
"T048675",
"T048686"
]
},
"release_date": "2024-10-21T22:00:00.000+00:00",
"title": "CVE-2024-39338"
},
{
"cve": "CVE-2024-43788",
"product_status": {
"known_affected": [
"T028133",
"T038989",
"67646",
"T038527",
"T048680",
"T038844",
"T038514",
"T040819",
"T027916",
"T033270",
"T044019",
"T044338",
"T048685",
"T040215",
"T040597",
"T043077",
"T048677",
"T048676",
"T048687",
"T048675",
"T048686"
]
},
"release_date": "2024-10-21T22:00:00.000+00:00",
"title": "CVE-2024-43788"
},
{
"cve": "CVE-2024-43796",
"product_status": {
"known_affected": [
"T028133",
"T038989",
"67646",
"T038527",
"T048680",
"T038844",
"T038514",
"T040819",
"T027916",
"T033270",
"T044019",
"T044338",
"T048685",
"T040215",
"T040597",
"T043077",
"T048677",
"T048676",
"T048687",
"T048675",
"T048686"
]
},
"release_date": "2024-10-21T22:00:00.000+00:00",
"title": "CVE-2024-43796"
},
{
"cve": "CVE-2024-43799",
"product_status": {
"known_affected": [
"T028133",
"T038989",
"67646",
"T038527",
"T048680",
"T038844",
"T038514",
"T040819",
"T027916",
"T033270",
"T044019",
"T044338",
"T048685",
"T040215",
"T040597",
"T043077",
"T048677",
"T048676",
"T048687",
"T048675",
"T048686"
]
},
"release_date": "2024-10-21T22:00:00.000+00:00",
"title": "CVE-2024-43799"
},
{
"cve": "CVE-2024-43800",
"product_status": {
"known_affected": [
"T028133",
"T038989",
"67646",
"T038527",
"T048680",
"T038844",
"T038514",
"T040819",
"T027916",
"T033270",
"T044019",
"T044338",
"T048685",
"T040215",
"T040597",
"T043077",
"T048677",
"T048676",
"T048687",
"T048675",
"T048686"
]
},
"release_date": "2024-10-21T22:00:00.000+00:00",
"title": "CVE-2024-43800"
},
{
"cve": "CVE-2024-45296",
"product_status": {
"known_affected": [
"T028133",
"T038989",
"67646",
"T038527",
"T048680",
"T038844",
"T038514",
"T040819",
"T027916",
"T033270",
"T044019",
"T044338",
"T048685",
"T040215",
"T040597",
"T043077",
"T048677",
"T048676",
"T048687",
"T048675",
"T048686"
]
},
"release_date": "2024-10-21T22:00:00.000+00:00",
"title": "CVE-2024-45296"
},
{
"cve": "CVE-2024-45590",
"product_status": {
"known_affected": [
"T028133",
"T038989",
"67646",
"T038527",
"T048680",
"T038844",
"T038514",
"T040819",
"T027916",
"T033270",
"T044019",
"T044338",
"T048685",
"T040215",
"T040597",
"T043077",
"T048677",
"T048676",
"T048687",
"T048675",
"T048686"
]
},
"release_date": "2024-10-21T22:00:00.000+00:00",
"title": "CVE-2024-45590"
},
{
"cve": "CVE-2024-45801",
"product_status": {
"known_affected": [
"T028133",
"T038989",
"67646",
"T038527",
"T048680",
"T038844",
"T038514",
"T040819",
"T027916",
"T033270",
"T044019",
"T044338",
"T048685",
"T040215",
"T040597",
"T043077",
"T048677",
"T048676",
"T048687",
"T048675",
"T048686"
]
},
"release_date": "2024-10-21T22:00:00.000+00:00",
"title": "CVE-2024-45801"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.