CVE-2024-45338 (GCVE-0-2024-45338)
Vulnerability from cvelistv5 – Published: 2024-12-18 20:38 – Updated: 2025-02-21 18:03

| Vendor | Product | Version | |
|---|---|---|---|
| golang.org/x/net | golang.org/x/net/html | Affected: 0, < 0.33.0 (semver) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45338",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-31T19:51:42.228627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333 Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-31T19:55:04.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-02-21T18:03:32.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250221-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/html",
"product": "golang.org/x/net/html",
"programRoutines": [
{
"name": "parseDoctype"
},
{
"name": "htmlIntegrationPoint"
},
{
"name": "inTableIM"
},
{
"name": "inBodyIM"
},
{
"name": "Parse"
},
{
"name": "ParseFragment"
},
{
"name": "ParseFragmentWithOptions"
},
{
"name": "ParseWithOptions"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.33.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Guido Vranken"
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T20:38:22.660Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/637536"
},
{
"url": "https://go.dev/issue/70906"
},
{
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"title": "Non-linear parsing of case-insensitive content in golang.org/x/net/html"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2024-45338",
"datePublished": "2024-12-18T20:38:22.660Z",
"dateReserved": "2024-08-27T19:41:58.555Z",
"dateUpdated": "2025-02-21T18:03:32.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-45338",
"date": "2026-06-10",
"epss": "0.00046",
"percentile": "0.14518"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.\"}, {\"lang\": \"es\", \"value\": \"Un atacante puede manipular una entrada para las funciones de an\\u00e1lisis que se procesar\\u00eda de forma no lineal con respecto a su longitud, lo que dar\\u00eda como resultado un an\\u00e1lisis extremadamente lento. Esto podr\\u00eda causar una denegaci\\u00f3n de servicio.\"}]",
"id": "CVE-2024-45338",
"lastModified": "2024-12-31T20:16:06.603",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
"published": "2024-12-18T21:15:08.173",
"references": "[{\"url\": \"https://go.dev/cl/637536\", \"source\": \"security@golang.org\"}, {\"url\": \"https://go.dev/issue/70906\", \"source\": \"security@golang.org\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ\", \"source\": \"security@golang.org\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2024-3333\", \"source\": \"security@golang.org\"}]",
"sourceIdentifier": "security@golang.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1333\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-45338\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2024-12-18T21:15:08.173\",\"lastModified\":\"2025-02-21T18:15:17.717\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.\"},{\"lang\":\"es\",\"value\":\"Un atacante puede manipular una entrada para las funciones de an\u00e1lisis que se procesar\u00eda de forma no lineal con respecto a su longitud, lo que dar\u00eda como resultado un an\u00e1lisis extremadamente lento. Esto podr\u00eda causar una denegaci\u00f3n de servicio.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1333\"}]}],\"references\":[{\"url\":\"https://go.dev/cl/637536\",\"source\":\"security@golang.org\"},{\"url\":\"https://go.dev/issue/70906\",\"source\":\"security@golang.org\"},{\"url\":\"https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ\",\"source\":\"security@golang.org\"},{\"url\":\"https://pkg.go.dev/vuln/GO-2024-3333\",\"source\":\"security@golang.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20250221-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20250221-0001/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-02-21T18:03:32.301Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45338\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-31T19:51:42.228627Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1333\", \"description\": \"CWE-1333 Inefficient Regular Expression Complexity\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-31T19:54:57.693Z\"}}], \"cna\": {\"title\": \"Non-linear parsing of case-insensitive content in golang.org/x/net/html\", \"credits\": [{\"lang\": \"en\", \"value\": \"Guido Vranken\"}], \"affected\": [{\"vendor\": \"golang.org/x/net\", \"product\": \"golang.org/x/net/html\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.33.0\", \"versionType\": \"semver\"}], \"packageName\": \"golang.org/x/net/html\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"parseDoctype\"}, {\"name\": \"htmlIntegrationPoint\"}, {\"name\": 
\"inTableIM\"}, {\"name\": \"inBodyIM\"}, {\"name\": \"Parse\"}, {\"name\": \"ParseFragment\"}, {\"name\": \"ParseFragmentWithOptions\"}, {\"name\": \"ParseWithOptions\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/637536\"}, {\"url\": \"https://go.dev/issue/70906\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2024-3333\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-405: Asymmetric Resource Consumption (Amplification)\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2024-12-18T20:38:22.660Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-45338\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-21T18:03:32.301Z\", \"dateReserved\": \"2024-08-27T19:41:58.555Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2024-12-18T20:38:22.660Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2025:0370
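Vulnerability from csaf_redhat - Published: 2025-01-16 11:44 - Updated: 2026-06-02 21:38

CVE-2024-45337: A flaw was found in the x/crypto/ssh Go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass. A call to the callback shows only that a key was offered, not that the client proved possession of it, so authorization data should be tied to the key that completed authentication (for example through the Permissions value the callback returns) rather than to state recorded as a side effect of the callback.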
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:258ce27da831a29ebbafbf1a6c0432f7ba4a8ee5c129ee22ff3c7746244ebbfe_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:7682ca488e66e62939d079730565ba1c7c6bf7b80ced478dad68bb22ec1daca8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:e1acce6898ac6aa79d3fd4d7cbec12f48ef61e84339d87d9e33499796f566da3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:f30f739a0335ac75001da6b1559ea1ac14290ed1abbaa93cb0a3fd2738ae4160_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:cb2e6a39d5f5fbf3833625dacd8fb4234a9cf46a75c0b753598c7b0dabf723f0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:3a32097ceb8a30fdb9328b8139028b6ecc6f1a63ce663c93a94796d8f381d094_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:4c292ceb06bee218911c4325a25efafdb5f82d4ae1d4298fb1ed025183e31eb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:83d835b3df0353b3bce10c55df5cf6eeaee02fdf25c1c7c1151151598d14b90a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a29ae4d725a82e622644cfa3a133f1599f79a1f3fda5d3d0ed677243b7cc55ca_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:4660dc63a61e5711ba75e99f85cad1a120d555ba1a877cb19523ebe6b370ab85_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:46bf0de18572f6930840bd578e329e81d53066b5000fbeed7219676675c9d51d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:90e354d25291d0c312a6cbfeb66c5746d93fa76ba992ba969db5ce9f61f730d5_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:b6cf020d7a4fd54d1196da1b5d6362d2318fa28d0ce24307f77214c9c0796962_amd64 | — |
Workaround
|
CVE-2024-45338: A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service. The CVE record above lists golang.org/x/net/html versions before 0.33.0 as affected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:258ce27da831a29ebbafbf1a6c0432f7ba4a8ee5c129ee22ff3c7746244ebbfe_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:7682ca488e66e62939d079730565ba1c7c6bf7b80ced478dad68bb22ec1daca8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:e1acce6898ac6aa79d3fd4d7cbec12f48ef61e84339d87d9e33499796f566da3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:f30f739a0335ac75001da6b1559ea1ac14290ed1abbaa93cb0a3fd2738ae4160_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:cb2e6a39d5f5fbf3833625dacd8fb4234a9cf46a75c0b753598c7b0dabf723f0_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:3a32097ceb8a30fdb9328b8139028b6ecc6f1a63ce663c93a94796d8f381d094_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:4c292ceb06bee218911c4325a25efafdb5f82d4ae1d4298fb1ed025183e31eb6_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:83d835b3df0353b3bce10c55df5cf6eeaee02fdf25c1c7c1151151598d14b90a_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a29ae4d725a82e622644cfa3a133f1599f79a1f3fda5d3d0ed677243b7cc55ca_s390x | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:4660dc63a61e5711ba75e99f85cad1a120d555ba1a877cb19523ebe6b370ab85_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:46bf0de18572f6930840bd578e329e81d53066b5000fbeed7219676675c9d51d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:90e354d25291d0c312a6cbfeb66c5746d93fa76ba992ba969db5ce9f61f730d5_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:b6cf020d7a4fd54d1196da1b5d6362d2318fa28d0ce24307f77214c9c0796962_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new version of Red Hat build of OpenTelemetry has been released",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat build of OpenTelemetry is a collection of tools, APIs, and SDKs. You use it to instrument, generate, collect, and export telemetry data (metrics, logs, and traces) for analysis in order to understand your software\u0027s performance and behavior.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:0370",
"url": "https://access.redhat.com/errata/RHSA-2025:0370"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/red_hat_build_of_opentelemetry",
"url": "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/red_hat_build_of_opentelemetry"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_0370.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of OpenTelemetry 3.4 release",
"tracking": {
"current_release_date": "2026-06-02T21:38:18+00:00",
"generator": {
"date": "2026-06-02T21:38:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:0370",
"initial_release_date": "2025-01-16T11:44:17+00:00",
"revision_history": [
{
"date": "2025-01-16T11:44:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-03-25T20:51:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T21:38:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift distributed tracing 3.4",
"product": {
"name": "Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift distributed tracing"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:cb2e6a39d5f5fbf3833625dacd8fb4234a9cf46a75c0b753598c7b0dabf723f0_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:cb2e6a39d5f5fbf3833625dacd8fb4234a9cf46a75c0b753598c7b0dabf723f0_amd64",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:cb2e6a39d5f5fbf3833625dacd8fb4234a9cf46a75c0b753598c7b0dabf723f0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-operator-bundle@sha256%3Acb2e6a39d5f5fbf3833625dacd8fb4234a9cf46a75c0b753598c7b0dabf723f0?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:f30f739a0335ac75001da6b1559ea1ac14290ed1abbaa93cb0a3fd2738ae4160_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:f30f739a0335ac75001da6b1559ea1ac14290ed1abbaa93cb0a3fd2738ae4160_amd64",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:f30f739a0335ac75001da6b1559ea1ac14290ed1abbaa93cb0a3fd2738ae4160_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256%3Af30f739a0335ac75001da6b1559ea1ac14290ed1abbaa93cb0a3fd2738ae4160?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:4c292ceb06bee218911c4325a25efafdb5f82d4ae1d4298fb1ed025183e31eb6_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:4c292ceb06bee218911c4325a25efafdb5f82d4ae1d4298fb1ed025183e31eb6_amd64",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:4c292ceb06bee218911c4325a25efafdb5f82d4ae1d4298fb1ed025183e31eb6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256%3A4c292ceb06bee218911c4325a25efafdb5f82d4ae1d4298fb1ed025183e31eb6?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:b6cf020d7a4fd54d1196da1b5d6362d2318fa28d0ce24307f77214c9c0796962_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:b6cf020d7a4fd54d1196da1b5d6362d2318fa28d0ce24307f77214c9c0796962_amd64",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:b6cf020d7a4fd54d1196da1b5d6362d2318fa28d0ce24307f77214c9c0796962_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-target-allocator-rhel8@sha256%3Ab6cf020d7a4fd54d1196da1b5d6362d2318fa28d0ce24307f77214c9c0796962?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:258ce27da831a29ebbafbf1a6c0432f7ba4a8ee5c129ee22ff3c7746244ebbfe_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:258ce27da831a29ebbafbf1a6c0432f7ba4a8ee5c129ee22ff3c7746244ebbfe_arm64",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:258ce27da831a29ebbafbf1a6c0432f7ba4a8ee5c129ee22ff3c7746244ebbfe_arm64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256%3A258ce27da831a29ebbafbf1a6c0432f7ba4a8ee5c129ee22ff3c7746244ebbfe?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:83d835b3df0353b3bce10c55df5cf6eeaee02fdf25c1c7c1151151598d14b90a_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:83d835b3df0353b3bce10c55df5cf6eeaee02fdf25c1c7c1151151598d14b90a_arm64",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:83d835b3df0353b3bce10c55df5cf6eeaee02fdf25c1c7c1151151598d14b90a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256%3A83d835b3df0353b3bce10c55df5cf6eeaee02fdf25c1c7c1151151598d14b90a?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:90e354d25291d0c312a6cbfeb66c5746d93fa76ba992ba969db5ce9f61f730d5_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:90e354d25291d0c312a6cbfeb66c5746d93fa76ba992ba969db5ce9f61f730d5_arm64",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:90e354d25291d0c312a6cbfeb66c5746d93fa76ba992ba969db5ce9f61f730d5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-target-allocator-rhel8@sha256%3A90e354d25291d0c312a6cbfeb66c5746d93fa76ba992ba969db5ce9f61f730d5?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:7682ca488e66e62939d079730565ba1c7c6bf7b80ced478dad68bb22ec1daca8_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:7682ca488e66e62939d079730565ba1c7c6bf7b80ced478dad68bb22ec1daca8_ppc64le",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:7682ca488e66e62939d079730565ba1c7c6bf7b80ced478dad68bb22ec1daca8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256%3A7682ca488e66e62939d079730565ba1c7c6bf7b80ced478dad68bb22ec1daca8?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:3a32097ceb8a30fdb9328b8139028b6ecc6f1a63ce663c93a94796d8f381d094_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:3a32097ceb8a30fdb9328b8139028b6ecc6f1a63ce663c93a94796d8f381d094_ppc64le",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:3a32097ceb8a30fdb9328b8139028b6ecc6f1a63ce663c93a94796d8f381d094_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256%3A3a32097ceb8a30fdb9328b8139028b6ecc6f1a63ce663c93a94796d8f381d094?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:4660dc63a61e5711ba75e99f85cad1a120d555ba1a877cb19523ebe6b370ab85_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:4660dc63a61e5711ba75e99f85cad1a120d555ba1a877cb19523ebe6b370ab85_ppc64le",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:4660dc63a61e5711ba75e99f85cad1a120d555ba1a877cb19523ebe6b370ab85_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-target-allocator-rhel8@sha256%3A4660dc63a61e5711ba75e99f85cad1a120d555ba1a877cb19523ebe6b370ab85?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:e1acce6898ac6aa79d3fd4d7cbec12f48ef61e84339d87d9e33499796f566da3_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:e1acce6898ac6aa79d3fd4d7cbec12f48ef61e84339d87d9e33499796f566da3_s390x",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:e1acce6898ac6aa79d3fd4d7cbec12f48ef61e84339d87d9e33499796f566da3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256%3Ae1acce6898ac6aa79d3fd4d7cbec12f48ef61e84339d87d9e33499796f566da3?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a29ae4d725a82e622644cfa3a133f1599f79a1f3fda5d3d0ed677243b7cc55ca_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a29ae4d725a82e622644cfa3a133f1599f79a1f3fda5d3d0ed677243b7cc55ca_s390x",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a29ae4d725a82e622644cfa3a133f1599f79a1f3fda5d3d0ed677243b7cc55ca_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256%3Aa29ae4d725a82e622644cfa3a133f1599f79a1f3fda5d3d0ed677243b7cc55ca?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:46bf0de18572f6930840bd578e329e81d53066b5000fbeed7219676675c9d51d_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:46bf0de18572f6930840bd578e329e81d53066b5000fbeed7219676675c9d51d_s390x",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:46bf0de18572f6930840bd578e329e81d53066b5000fbeed7219676675c9d51d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-target-allocator-rhel8@sha256%3A46bf0de18572f6930840bd578e329e81d53066b5000fbeed7219676675c9d51d?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:258ce27da831a29ebbafbf1a6c0432f7ba4a8ee5c129ee22ff3c7746244ebbfe_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:258ce27da831a29ebbafbf1a6c0432f7ba4a8ee5c129ee22ff3c7746244ebbfe_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:258ce27da831a29ebbafbf1a6c0432f7ba4a8ee5c129ee22ff3c7746244ebbfe_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:7682ca488e66e62939d079730565ba1c7c6bf7b80ced478dad68bb22ec1daca8_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:7682ca488e66e62939d079730565ba1c7c6bf7b80ced478dad68bb22ec1daca8_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:7682ca488e66e62939d079730565ba1c7c6bf7b80ced478dad68bb22ec1daca8_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:e1acce6898ac6aa79d3fd4d7cbec12f48ef61e84339d87d9e33499796f566da3_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:e1acce6898ac6aa79d3fd4d7cbec12f48ef61e84339d87d9e33499796f566da3_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:e1acce6898ac6aa79d3fd4d7cbec12f48ef61e84339d87d9e33499796f566da3_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:f30f739a0335ac75001da6b1559ea1ac14290ed1abbaa93cb0a3fd2738ae4160_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:f30f739a0335ac75001da6b1559ea1ac14290ed1abbaa93cb0a3fd2738ae4160_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:f30f739a0335ac75001da6b1559ea1ac14290ed1abbaa93cb0a3fd2738ae4160_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:cb2e6a39d5f5fbf3833625dacd8fb4234a9cf46a75c0b753598c7b0dabf723f0_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:cb2e6a39d5f5fbf3833625dacd8fb4234a9cf46a75c0b753598c7b0dabf723f0_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:cb2e6a39d5f5fbf3833625dacd8fb4234a9cf46a75c0b753598c7b0dabf723f0_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:3a32097ceb8a30fdb9328b8139028b6ecc6f1a63ce663c93a94796d8f381d094_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:3a32097ceb8a30fdb9328b8139028b6ecc6f1a63ce663c93a94796d8f381d094_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:3a32097ceb8a30fdb9328b8139028b6ecc6f1a63ce663c93a94796d8f381d094_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:4c292ceb06bee218911c4325a25efafdb5f82d4ae1d4298fb1ed025183e31eb6_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:4c292ceb06bee218911c4325a25efafdb5f82d4ae1d4298fb1ed025183e31eb6_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:4c292ceb06bee218911c4325a25efafdb5f82d4ae1d4298fb1ed025183e31eb6_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:83d835b3df0353b3bce10c55df5cf6eeaee02fdf25c1c7c1151151598d14b90a_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:83d835b3df0353b3bce10c55df5cf6eeaee02fdf25c1c7c1151151598d14b90a_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:83d835b3df0353b3bce10c55df5cf6eeaee02fdf25c1c7c1151151598d14b90a_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a29ae4d725a82e622644cfa3a133f1599f79a1f3fda5d3d0ed677243b7cc55ca_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a29ae4d725a82e622644cfa3a133f1599f79a1f3fda5d3d0ed677243b7cc55ca_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a29ae4d725a82e622644cfa3a133f1599f79a1f3fda5d3d0ed677243b7cc55ca_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:4660dc63a61e5711ba75e99f85cad1a120d555ba1a877cb19523ebe6b370ab85_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:4660dc63a61e5711ba75e99f85cad1a120d555ba1a877cb19523ebe6b370ab85_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:4660dc63a61e5711ba75e99f85cad1a120d555ba1a877cb19523ebe6b370ab85_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:46bf0de18572f6930840bd578e329e81d53066b5000fbeed7219676675c9d51d_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:46bf0de18572f6930840bd578e329e81d53066b5000fbeed7219676675c9d51d_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:46bf0de18572f6930840bd578e329e81d53066b5000fbeed7219676675c9d51d_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:90e354d25291d0c312a6cbfeb66c5746d93fa76ba992ba969db5ce9f61f730d5_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:90e354d25291d0c312a6cbfeb66c5746d93fa76ba992ba969db5ce9f61f730d5_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:90e354d25291d0c312a6cbfeb66c5746d93fa76ba992ba969db5ce9f61f730d5_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:b6cf020d7a4fd54d1196da1b5d6362d2318fa28d0ce24307f77214c9c0796962_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:b6cf020d7a4fd54d1196da1b5d6362d2318fa28d0ce24307f77214c9c0796962_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:b6cf020d7a4fd54d1196da1b5d6362d2318fa28d0ce24307f77214c9c0796962_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:cb2e6a39d5f5fbf3833625dacd8fb4234a9cf46a75c0b753598c7b0dabf723f0_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:3a32097ceb8a30fdb9328b8139028b6ecc6f1a63ce663c93a94796d8f381d094_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:4c292ceb06bee218911c4325a25efafdb5f82d4ae1d4298fb1ed025183e31eb6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:83d835b3df0353b3bce10c55df5cf6eeaee02fdf25c1c7c1151151598d14b90a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a29ae4d725a82e622644cfa3a133f1599f79a1f3fda5d3d0ed677243b7cc55ca_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:4660dc63a61e5711ba75e99f85cad1a120d555ba1a877cb19523ebe6b370ab85_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:46bf0de18572f6930840bd578e329e81d53066b5000fbeed7219676675c9d51d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:90e354d25291d0c312a6cbfeb66c5746d93fa76ba992ba969db5ce9f61f730d5_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:b6cf020d7a4fd54d1196da1b5d6362d2318fa28d0ce24307f77214c9c0796962_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:258ce27da831a29ebbafbf1a6c0432f7ba4a8ee5c129ee22ff3c7746244ebbfe_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:7682ca488e66e62939d079730565ba1c7c6bf7b80ced478dad68bb22ec1daca8_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:e1acce6898ac6aa79d3fd4d7cbec12f48ef61e84339d87d9e33499796f566da3_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:f30f739a0335ac75001da6b1559ea1ac14290ed1abbaa93cb0a3fd2738ae4160_amd64"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:cb2e6a39d5f5fbf3833625dacd8fb4234a9cf46a75c0b753598c7b0dabf723f0_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:3a32097ceb8a30fdb9328b8139028b6ecc6f1a63ce663c93a94796d8f381d094_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:4c292ceb06bee218911c4325a25efafdb5f82d4ae1d4298fb1ed025183e31eb6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:83d835b3df0353b3bce10c55df5cf6eeaee02fdf25c1c7c1151151598d14b90a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a29ae4d725a82e622644cfa3a133f1599f79a1f3fda5d3d0ed677243b7cc55ca_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:4660dc63a61e5711ba75e99f85cad1a120d555ba1a877cb19523ebe6b370ab85_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:46bf0de18572f6930840bd578e329e81d53066b5000fbeed7219676675c9d51d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:90e354d25291d0c312a6cbfeb66c5746d93fa76ba992ba969db5ce9f61f730d5_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:b6cf020d7a4fd54d1196da1b5d6362d2318fa28d0ce24307f77214c9c0796962_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-16T11:44:17+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:258ce27da831a29ebbafbf1a6c0432f7ba4a8ee5c129ee22ff3c7746244ebbfe_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:7682ca488e66e62939d079730565ba1c7c6bf7b80ced478dad68bb22ec1daca8_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:e1acce6898ac6aa79d3fd4d7cbec12f48ef61e84339d87d9e33499796f566da3_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:f30f739a0335ac75001da6b1559ea1ac14290ed1abbaa93cb0a3fd2738ae4160_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0370"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:258ce27da831a29ebbafbf1a6c0432f7ba4a8ee5c129ee22ff3c7746244ebbfe_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:7682ca488e66e62939d079730565ba1c7c6bf7b80ced478dad68bb22ec1daca8_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:e1acce6898ac6aa79d3fd4d7cbec12f48ef61e84339d87d9e33499796f566da3_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:f30f739a0335ac75001da6b1559ea1ac14290ed1abbaa93cb0a3fd2738ae4160_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:cb2e6a39d5f5fbf3833625dacd8fb4234a9cf46a75c0b753598c7b0dabf723f0_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:3a32097ceb8a30fdb9328b8139028b6ecc6f1a63ce663c93a94796d8f381d094_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:4c292ceb06bee218911c4325a25efafdb5f82d4ae1d4298fb1ed025183e31eb6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:83d835b3df0353b3bce10c55df5cf6eeaee02fdf25c1c7c1151151598d14b90a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a29ae4d725a82e622644cfa3a133f1599f79a1f3fda5d3d0ed677243b7cc55ca_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:4660dc63a61e5711ba75e99f85cad1a120d555ba1a877cb19523ebe6b370ab85_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:46bf0de18572f6930840bd578e329e81d53066b5000fbeed7219676675c9d51d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:90e354d25291d0c312a6cbfeb66c5746d93fa76ba992ba969db5ce9f61f730d5_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:b6cf020d7a4fd54d1196da1b5d6362d2318fa28d0ce24307f77214c9c0796962_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:258ce27da831a29ebbafbf1a6c0432f7ba4a8ee5c129ee22ff3c7746244ebbfe_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:7682ca488e66e62939d079730565ba1c7c6bf7b80ced478dad68bb22ec1daca8_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:e1acce6898ac6aa79d3fd4d7cbec12f48ef61e84339d87d9e33499796f566da3_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:f30f739a0335ac75001da6b1559ea1ac14290ed1abbaa93cb0a3fd2738ae4160_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:cb2e6a39d5f5fbf3833625dacd8fb4234a9cf46a75c0b753598c7b0dabf723f0_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:3a32097ceb8a30fdb9328b8139028b6ecc6f1a63ce663c93a94796d8f381d094_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:4c292ceb06bee218911c4325a25efafdb5f82d4ae1d4298fb1ed025183e31eb6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:83d835b3df0353b3bce10c55df5cf6eeaee02fdf25c1c7c1151151598d14b90a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a29ae4d725a82e622644cfa3a133f1599f79a1f3fda5d3d0ed677243b7cc55ca_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:4660dc63a61e5711ba75e99f85cad1a120d555ba1a877cb19523ebe6b370ab85_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:46bf0de18572f6930840bd578e329e81d53066b5000fbeed7219676675c9d51d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:90e354d25291d0c312a6cbfeb66c5746d93fa76ba992ba969db5ce9f61f730d5_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:b6cf020d7a4fd54d1196da1b5d6362d2318fa28d0ce24307f77214c9c0796962_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:cb2e6a39d5f5fbf3833625dacd8fb4234a9cf46a75c0b753598c7b0dabf723f0_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:3a32097ceb8a30fdb9328b8139028b6ecc6f1a63ce663c93a94796d8f381d094_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:4c292ceb06bee218911c4325a25efafdb5f82d4ae1d4298fb1ed025183e31eb6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:83d835b3df0353b3bce10c55df5cf6eeaee02fdf25c1c7c1151151598d14b90a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a29ae4d725a82e622644cfa3a133f1599f79a1f3fda5d3d0ed677243b7cc55ca_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:4660dc63a61e5711ba75e99f85cad1a120d555ba1a877cb19523ebe6b370ab85_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:46bf0de18572f6930840bd578e329e81d53066b5000fbeed7219676675c9d51d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:90e354d25291d0c312a6cbfeb66c5746d93fa76ba992ba969db5ce9f61f730d5_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:b6cf020d7a4fd54d1196da1b5d6362d2318fa28d0ce24307f77214c9c0796962_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:258ce27da831a29ebbafbf1a6c0432f7ba4a8ee5c129ee22ff3c7746244ebbfe_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:7682ca488e66e62939d079730565ba1c7c6bf7b80ced478dad68bb22ec1daca8_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:e1acce6898ac6aa79d3fd4d7cbec12f48ef61e84339d87d9e33499796f566da3_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:f30f739a0335ac75001da6b1559ea1ac14290ed1abbaa93cb0a3fd2738ae4160_amd64"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:cb2e6a39d5f5fbf3833625dacd8fb4234a9cf46a75c0b753598c7b0dabf723f0_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:3a32097ceb8a30fdb9328b8139028b6ecc6f1a63ce663c93a94796d8f381d094_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:4c292ceb06bee218911c4325a25efafdb5f82d4ae1d4298fb1ed025183e31eb6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:83d835b3df0353b3bce10c55df5cf6eeaee02fdf25c1c7c1151151598d14b90a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a29ae4d725a82e622644cfa3a133f1599f79a1f3fda5d3d0ed677243b7cc55ca_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:4660dc63a61e5711ba75e99f85cad1a120d555ba1a877cb19523ebe6b370ab85_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:46bf0de18572f6930840bd578e329e81d53066b5000fbeed7219676675c9d51d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:90e354d25291d0c312a6cbfeb66c5746d93fa76ba992ba969db5ce9f61f730d5_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:b6cf020d7a4fd54d1196da1b5d6362d2318fa28d0ce24307f77214c9c0796962_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-16T11:44:17+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:258ce27da831a29ebbafbf1a6c0432f7ba4a8ee5c129ee22ff3c7746244ebbfe_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:7682ca488e66e62939d079730565ba1c7c6bf7b80ced478dad68bb22ec1daca8_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:e1acce6898ac6aa79d3fd4d7cbec12f48ef61e84339d87d9e33499796f566da3_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:f30f739a0335ac75001da6b1559ea1ac14290ed1abbaa93cb0a3fd2738ae4160_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0370"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:258ce27da831a29ebbafbf1a6c0432f7ba4a8ee5c129ee22ff3c7746244ebbfe_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:7682ca488e66e62939d079730565ba1c7c6bf7b80ced478dad68bb22ec1daca8_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:e1acce6898ac6aa79d3fd4d7cbec12f48ef61e84339d87d9e33499796f566da3_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:f30f739a0335ac75001da6b1559ea1ac14290ed1abbaa93cb0a3fd2738ae4160_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:cb2e6a39d5f5fbf3833625dacd8fb4234a9cf46a75c0b753598c7b0dabf723f0_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:3a32097ceb8a30fdb9328b8139028b6ecc6f1a63ce663c93a94796d8f381d094_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:4c292ceb06bee218911c4325a25efafdb5f82d4ae1d4298fb1ed025183e31eb6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:83d835b3df0353b3bce10c55df5cf6eeaee02fdf25c1c7c1151151598d14b90a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a29ae4d725a82e622644cfa3a133f1599f79a1f3fda5d3d0ed677243b7cc55ca_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:4660dc63a61e5711ba75e99f85cad1a120d555ba1a877cb19523ebe6b370ab85_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:46bf0de18572f6930840bd578e329e81d53066b5000fbeed7219676675c9d51d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:90e354d25291d0c312a6cbfeb66c5746d93fa76ba992ba969db5ce9f61f730d5_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:b6cf020d7a4fd54d1196da1b5d6362d2318fa28d0ce24307f77214c9c0796962_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
}
]
}
RHSA-2025:0384
Vulnerability from csaf_redhat - Published: 2025-01-16 18:46 - Updated: 2026-06-02 21:38
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/lighthouse-agent-rhel9@sha256:50d111733ab8210aadf6741847c2858a3adb6c96e6a3ee1414f4ff3bc51a1e43_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/lighthouse-agent-rhel9@sha256:b35735bea5a748af5774c8b69818924c80cf588a7fb93ea3a15c12499ba21b20_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/lighthouse-agent-rhel9@sha256:b57142936cbf5137880996af902bef15c635d943b849b8d74fa66993cd37b661_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/lighthouse-agent-rhel9@sha256:fa5629d3d7aa3f2f9c6aa7a62cbee08b879717ae0ed38009dc8f32e49c45a0cc_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/lighthouse-coredns-rhel9@sha256:46ab143f45d316ce6634ec92fcbaadf0231cdf7f33e7cdf6c576c939c9729098_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/lighthouse-coredns-rhel9@sha256:a61d730a3dbbf4c3a7b8d2c0cf3759abf0498318832391d3ec9a357780fecc2a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/lighthouse-coredns-rhel9@sha256:a9a3362d6c38199e9f47cabd5312172c730d6dbb3dc77411e84f73f678f9e11c_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/lighthouse-coredns-rhel9@sha256:b1157095405425a89f0770c4606b2264cc0977478f5d6c8bcac90b258cf34319_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/nettest-rhel9@sha256:6fed967d33a82ba77ce511e94757d1ab0722b294b1ac0d330a2e696ab83c254d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/nettest-rhel9@sha256:a92ff7caadaccbc6615732b3272432f844dcb76a0a223a0c9236c03529d2c0ad_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/nettest-rhel9@sha256:d2ac2f84cf3a837ac41e66b038e5507e6e37a1324538a4effb110ad46ca2039c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/nettest-rhel9@sha256:e079724ccb4133e5e02b0293565b86393d3b57de27af764325f32993869925f0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/subctl-rhel9@sha256:250b747603a5aa01e340f814128025b2e4ad2ead6ac78162ad2b82818524008c_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/subctl-rhel9@sha256:483328322fbb1f71c177caa1e49d73990611ef4be20c9ab622cdff7c5b6de22c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/subctl-rhel9@sha256:573fab5792cd711092fdf8d78a8ca099c73d5c0faa3f6bac3e496cca79700f36_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/subctl-rhel9@sha256:5f85394f5e5dc77ef25a5aaef89f60446af4ddee70b3d5b8a3362a2ec33709ec_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/submariner-gateway-rhel9@sha256:254324f36616804d2a4d499c375a571ed832371e4860e102a1e3daf3b3287879_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/submariner-gateway-rhel9@sha256:256bbbe96815b89b4bab2fc703b1995891dbcbdc8ba16311d5fabb8345532fb4_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/submariner-gateway-rhel9@sha256:38d03c6e1d071296262a0acca11db176e57bc217245cd38aa90849711abd77cf_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/submariner-gateway-rhel9@sha256:f01cd372e854a9d7d20bc7dc5d9566e641f077e703a6b1c10791bf06c3f6e570_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/submariner-globalnet-rhel9@sha256:0cab58d91ef7404efe8f8a2a6390272671f3a67f0b6b96eb595410afc1a1dfe3_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/submariner-globalnet-rhel9@sha256:20e77c802b814afefac6355f1c3ac6eea59a5ecd211b29e81f2246ff21c29f3e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/submariner-globalnet-rhel9@sha256:9f71c6115da60903c445489992c89ea00975ca8f1cab22b3c6883ed2f4c4e21b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/submariner-globalnet-rhel9@sha256:fceb75dc5a24a0c84c9aa5725c104c6bf19cad85797887e1e3c5bae4ae6455fb_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/submariner-operator-bundle@sha256:1d0356b14dafb2f78ea0ef35e19ffeb9db9af2f57a7d8c4d838b7627f4976d70_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/submariner-operator-bundle@sha256:7ded07e5ee28d2066021c95dcc95887d05451e58ca0f99bceab8c46757c69d9c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/submariner-operator-bundle@sha256:be6158b9d13531aeb0702fcdafa3772cd2c5fe355bf9e63deffa1a930c54b880_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/submariner-operator-bundle@sha256:f036ed02304931ff125dee0ee6c62b268fe39aa42879e539165d3b338cd9bcc0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/submariner-rhel9-operator@sha256:257966e4010330f7b26353c3c2d088c2af85f1d7f6558fb53e2cc15b3ae711c3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/submariner-rhel9-operator@sha256:360d98ceda85d212823b35edca01e63cb0c04cb8a56463475f595de62cb19534_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/submariner-rhel9-operator@sha256:48eb7721d75ae8115e2e328c64fe69270498533faa02178a63c8fc4cb4e060e4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/submariner-rhel9-operator@sha256:79286b0f95c8cc2de367528b07f22bca20fdb74d1c0f6add87d6bd24216814ab_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/submariner-route-agent-rhel9@sha256:04e200e40f8d5e3fb893455742983f64447dd96824e852f3bae891819c09d5ec_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/submariner-route-agent-rhel9@sha256:2039a3be8c20748aa882a90355294714914f2e4fa117aefd5157b6d0a4925ed8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/submariner-route-agent-rhel9@sha256:ed6ef9312bf27127e3d2869c51e58d12d7eb47efab8cb67fa95d16927adc9a24_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/submariner-route-agent-rhel9@sha256:f36ae578edbd6bc4c0d4a186a5b4df67657e34ce8f7773cf51e9eea3f8519280_s390x | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Submariner 0.18.4 packages that fix various bugs and security issues that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.11.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.\n\nFor more information about Submariner, see the Submariner open source community website at: https://submariner.io/.\n\nThis advisory contains security fixes, bug fixes, and enhancements to the Submariner container images.\n\nSecurity fix(es):\ngolang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html (CVE-2024-45338)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:0384",
"url": "https://access.redhat.com/errata/RHSA-2025:0384"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_0384.json"
}
],
"title": "Red Hat Security Advisory: RHSA: Submariner 0.18.4 - bug and security fixes",
"tracking": {
"current_release_date": "2026-06-02T21:38:18+00:00",
"generator": {
"date": "2026-06-02T21:38:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:0384",
"initial_release_date": "2025-01-16T18:46:52+00:00",
"revision_history": [
{
"date": "2025-01-16T18:46:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-01-16T18:46:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T21:38:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product": {
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:acm:2.11::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat ACM"
},
{
"branches": [
{
"category": "product_version",
"name": "rhacm2/lighthouse-agent-rhel9@sha256:50d111733ab8210aadf6741847c2858a3adb6c96e6a3ee1414f4ff3bc51a1e43_arm64",
"product": {
"name": "rhacm2/lighthouse-agent-rhel9@sha256:50d111733ab8210aadf6741847c2858a3adb6c96e6a3ee1414f4ff3bc51a1e43_arm64",
"product_id": "rhacm2/lighthouse-agent-rhel9@sha256:50d111733ab8210aadf6741847c2858a3adb6c96e6a3ee1414f4ff3bc51a1e43_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256:50d111733ab8210aadf6741847c2858a3adb6c96e6a3ee1414f4ff3bc51a1e43?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel9\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/lighthouse-coredns-rhel9@sha256:a9a3362d6c38199e9f47cabd5312172c730d6dbb3dc77411e84f73f678f9e11c_arm64",
"product": {
"name": "rhacm2/lighthouse-coredns-rhel9@sha256:a9a3362d6c38199e9f47cabd5312172c730d6dbb3dc77411e84f73f678f9e11c_arm64",
"product_id": "rhacm2/lighthouse-coredns-rhel9@sha256:a9a3362d6c38199e9f47cabd5312172c730d6dbb3dc77411e84f73f678f9e11c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256:a9a3362d6c38199e9f47cabd5312172c730d6dbb3dc77411e84f73f678f9e11c?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel9\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/nettest-rhel9@sha256:6fed967d33a82ba77ce511e94757d1ab0722b294b1ac0d330a2e696ab83c254d_arm64",
"product": {
"name": "rhacm2/nettest-rhel9@sha256:6fed967d33a82ba77ce511e94757d1ab0722b294b1ac0d330a2e696ab83c254d_arm64",
"product_id": "rhacm2/nettest-rhel9@sha256:6fed967d33a82ba77ce511e94757d1ab0722b294b1ac0d330a2e696ab83c254d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256:6fed967d33a82ba77ce511e94757d1ab0722b294b1ac0d330a2e696ab83c254d?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel9\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/subctl-rhel9@sha256:250b747603a5aa01e340f814128025b2e4ad2ead6ac78162ad2b82818524008c_arm64",
"product": {
"name": "rhacm2/subctl-rhel9@sha256:250b747603a5aa01e340f814128025b2e4ad2ead6ac78162ad2b82818524008c_arm64",
"product_id": "rhacm2/subctl-rhel9@sha256:250b747603a5aa01e340f814128025b2e4ad2ead6ac78162ad2b82818524008c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256:250b747603a5aa01e340f814128025b2e4ad2ead6ac78162ad2b82818524008c?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel9\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-gateway-rhel9@sha256:254324f36616804d2a4d499c375a571ed832371e4860e102a1e3daf3b3287879_arm64",
"product": {
"name": "rhacm2/submariner-gateway-rhel9@sha256:254324f36616804d2a4d499c375a571ed832371e4860e102a1e3daf3b3287879_arm64",
"product_id": "rhacm2/submariner-gateway-rhel9@sha256:254324f36616804d2a4d499c375a571ed832371e4860e102a1e3daf3b3287879_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256:254324f36616804d2a4d499c375a571ed832371e4860e102a1e3daf3b3287879?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel9\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-globalnet-rhel9@sha256:fceb75dc5a24a0c84c9aa5725c104c6bf19cad85797887e1e3c5bae4ae6455fb_arm64",
"product": {
"name": "rhacm2/submariner-globalnet-rhel9@sha256:fceb75dc5a24a0c84c9aa5725c104c6bf19cad85797887e1e3c5bae4ae6455fb_arm64",
"product_id": "rhacm2/submariner-globalnet-rhel9@sha256:fceb75dc5a24a0c84c9aa5725c104c6bf19cad85797887e1e3c5bae4ae6455fb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256:fceb75dc5a24a0c84c9aa5725c104c6bf19cad85797887e1e3c5bae4ae6455fb?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel9\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-operator-bundle@sha256:1d0356b14dafb2f78ea0ef35e19ffeb9db9af2f57a7d8c4d838b7627f4976d70_arm64",
"product": {
"name": "rhacm2/submariner-operator-bundle@sha256:1d0356b14dafb2f78ea0ef35e19ffeb9db9af2f57a7d8c4d838b7627f4976d70_arm64",
"product_id": "rhacm2/submariner-operator-bundle@sha256:1d0356b14dafb2f78ea0ef35e19ffeb9db9af2f57a7d8c4d838b7627f4976d70_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-operator-bundle@sha256:1d0356b14dafb2f78ea0ef35e19ffeb9db9af2f57a7d8c4d838b7627f4976d70?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-operator-bundle\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-rhel9-operator@sha256:257966e4010330f7b26353c3c2d088c2af85f1d7f6558fb53e2cc15b3ae711c3_arm64",
"product": {
"name": "rhacm2/submariner-rhel9-operator@sha256:257966e4010330f7b26353c3c2d088c2af85f1d7f6558fb53e2cc15b3ae711c3_arm64",
"product_id": "rhacm2/submariner-rhel9-operator@sha256:257966e4010330f7b26353c3c2d088c2af85f1d7f6558fb53e2cc15b3ae711c3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256:257966e4010330f7b26353c3c2d088c2af85f1d7f6558fb53e2cc15b3ae711c3?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel9-operator\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-route-agent-rhel9@sha256:ed6ef9312bf27127e3d2869c51e58d12d7eb47efab8cb67fa95d16927adc9a24_arm64",
"product": {
"name": "rhacm2/submariner-route-agent-rhel9@sha256:ed6ef9312bf27127e3d2869c51e58d12d7eb47efab8cb67fa95d16927adc9a24_arm64",
"product_id": "rhacm2/submariner-route-agent-rhel9@sha256:ed6ef9312bf27127e3d2869c51e58d12d7eb47efab8cb67fa95d16927adc9a24_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256:ed6ef9312bf27127e3d2869c51e58d12d7eb47efab8cb67fa95d16927adc9a24?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel9\u0026tag=v0.18.4-1"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhacm2/lighthouse-agent-rhel9@sha256:fa5629d3d7aa3f2f9c6aa7a62cbee08b879717ae0ed38009dc8f32e49c45a0cc_s390x",
"product": {
"name": "rhacm2/lighthouse-agent-rhel9@sha256:fa5629d3d7aa3f2f9c6aa7a62cbee08b879717ae0ed38009dc8f32e49c45a0cc_s390x",
"product_id": "rhacm2/lighthouse-agent-rhel9@sha256:fa5629d3d7aa3f2f9c6aa7a62cbee08b879717ae0ed38009dc8f32e49c45a0cc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256:fa5629d3d7aa3f2f9c6aa7a62cbee08b879717ae0ed38009dc8f32e49c45a0cc?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel9\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/lighthouse-coredns-rhel9@sha256:a61d730a3dbbf4c3a7b8d2c0cf3759abf0498318832391d3ec9a357780fecc2a_s390x",
"product": {
"name": "rhacm2/lighthouse-coredns-rhel9@sha256:a61d730a3dbbf4c3a7b8d2c0cf3759abf0498318832391d3ec9a357780fecc2a_s390x",
"product_id": "rhacm2/lighthouse-coredns-rhel9@sha256:a61d730a3dbbf4c3a7b8d2c0cf3759abf0498318832391d3ec9a357780fecc2a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256:a61d730a3dbbf4c3a7b8d2c0cf3759abf0498318832391d3ec9a357780fecc2a?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel9\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/nettest-rhel9@sha256:a92ff7caadaccbc6615732b3272432f844dcb76a0a223a0c9236c03529d2c0ad_s390x",
"product": {
"name": "rhacm2/nettest-rhel9@sha256:a92ff7caadaccbc6615732b3272432f844dcb76a0a223a0c9236c03529d2c0ad_s390x",
"product_id": "rhacm2/nettest-rhel9@sha256:a92ff7caadaccbc6615732b3272432f844dcb76a0a223a0c9236c03529d2c0ad_s390x",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256:a92ff7caadaccbc6615732b3272432f844dcb76a0a223a0c9236c03529d2c0ad?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel9\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/subctl-rhel9@sha256:573fab5792cd711092fdf8d78a8ca099c73d5c0faa3f6bac3e496cca79700f36_s390x",
"product": {
"name": "rhacm2/subctl-rhel9@sha256:573fab5792cd711092fdf8d78a8ca099c73d5c0faa3f6bac3e496cca79700f36_s390x",
"product_id": "rhacm2/subctl-rhel9@sha256:573fab5792cd711092fdf8d78a8ca099c73d5c0faa3f6bac3e496cca79700f36_s390x",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256:573fab5792cd711092fdf8d78a8ca099c73d5c0faa3f6bac3e496cca79700f36?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel9\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-gateway-rhel9@sha256:256bbbe96815b89b4bab2fc703b1995891dbcbdc8ba16311d5fabb8345532fb4_s390x",
"product": {
"name": "rhacm2/submariner-gateway-rhel9@sha256:256bbbe96815b89b4bab2fc703b1995891dbcbdc8ba16311d5fabb8345532fb4_s390x",
"product_id": "rhacm2/submariner-gateway-rhel9@sha256:256bbbe96815b89b4bab2fc703b1995891dbcbdc8ba16311d5fabb8345532fb4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256:256bbbe96815b89b4bab2fc703b1995891dbcbdc8ba16311d5fabb8345532fb4?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel9\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-globalnet-rhel9@sha256:20e77c802b814afefac6355f1c3ac6eea59a5ecd211b29e81f2246ff21c29f3e_s390x",
"product": {
"name": "rhacm2/submariner-globalnet-rhel9@sha256:20e77c802b814afefac6355f1c3ac6eea59a5ecd211b29e81f2246ff21c29f3e_s390x",
"product_id": "rhacm2/submariner-globalnet-rhel9@sha256:20e77c802b814afefac6355f1c3ac6eea59a5ecd211b29e81f2246ff21c29f3e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256:20e77c802b814afefac6355f1c3ac6eea59a5ecd211b29e81f2246ff21c29f3e?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel9\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-operator-bundle@sha256:be6158b9d13531aeb0702fcdafa3772cd2c5fe355bf9e63deffa1a930c54b880_s390x",
"product": {
"name": "rhacm2/submariner-operator-bundle@sha256:be6158b9d13531aeb0702fcdafa3772cd2c5fe355bf9e63deffa1a930c54b880_s390x",
"product_id": "rhacm2/submariner-operator-bundle@sha256:be6158b9d13531aeb0702fcdafa3772cd2c5fe355bf9e63deffa1a930c54b880_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-operator-bundle@sha256:be6158b9d13531aeb0702fcdafa3772cd2c5fe355bf9e63deffa1a930c54b880?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-operator-bundle\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-rhel9-operator@sha256:360d98ceda85d212823b35edca01e63cb0c04cb8a56463475f595de62cb19534_s390x",
"product": {
"name": "rhacm2/submariner-rhel9-operator@sha256:360d98ceda85d212823b35edca01e63cb0c04cb8a56463475f595de62cb19534_s390x",
"product_id": "rhacm2/submariner-rhel9-operator@sha256:360d98ceda85d212823b35edca01e63cb0c04cb8a56463475f595de62cb19534_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256:360d98ceda85d212823b35edca01e63cb0c04cb8a56463475f595de62cb19534?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel9-operator\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-route-agent-rhel9@sha256:f36ae578edbd6bc4c0d4a186a5b4df67657e34ce8f7773cf51e9eea3f8519280_s390x",
"product": {
"name": "rhacm2/submariner-route-agent-rhel9@sha256:f36ae578edbd6bc4c0d4a186a5b4df67657e34ce8f7773cf51e9eea3f8519280_s390x",
"product_id": "rhacm2/submariner-route-agent-rhel9@sha256:f36ae578edbd6bc4c0d4a186a5b4df67657e34ce8f7773cf51e9eea3f8519280_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256:f36ae578edbd6bc4c0d4a186a5b4df67657e34ce8f7773cf51e9eea3f8519280?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel9\u0026tag=v0.18.4-1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhacm2/lighthouse-agent-rhel9@sha256:b57142936cbf5137880996af902bef15c635d943b849b8d74fa66993cd37b661_ppc64le",
"product": {
"name": "rhacm2/lighthouse-agent-rhel9@sha256:b57142936cbf5137880996af902bef15c635d943b849b8d74fa66993cd37b661_ppc64le",
"product_id": "rhacm2/lighthouse-agent-rhel9@sha256:b57142936cbf5137880996af902bef15c635d943b849b8d74fa66993cd37b661_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256:b57142936cbf5137880996af902bef15c635d943b849b8d74fa66993cd37b661?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel9\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/lighthouse-coredns-rhel9@sha256:46ab143f45d316ce6634ec92fcbaadf0231cdf7f33e7cdf6c576c939c9729098_ppc64le",
"product": {
"name": "rhacm2/lighthouse-coredns-rhel9@sha256:46ab143f45d316ce6634ec92fcbaadf0231cdf7f33e7cdf6c576c939c9729098_ppc64le",
"product_id": "rhacm2/lighthouse-coredns-rhel9@sha256:46ab143f45d316ce6634ec92fcbaadf0231cdf7f33e7cdf6c576c939c9729098_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256:46ab143f45d316ce6634ec92fcbaadf0231cdf7f33e7cdf6c576c939c9729098?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel9\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/nettest-rhel9@sha256:e079724ccb4133e5e02b0293565b86393d3b57de27af764325f32993869925f0_ppc64le",
"product": {
"name": "rhacm2/nettest-rhel9@sha256:e079724ccb4133e5e02b0293565b86393d3b57de27af764325f32993869925f0_ppc64le",
"product_id": "rhacm2/nettest-rhel9@sha256:e079724ccb4133e5e02b0293565b86393d3b57de27af764325f32993869925f0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256:e079724ccb4133e5e02b0293565b86393d3b57de27af764325f32993869925f0?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel9\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/subctl-rhel9@sha256:5f85394f5e5dc77ef25a5aaef89f60446af4ddee70b3d5b8a3362a2ec33709ec_ppc64le",
"product": {
"name": "rhacm2/subctl-rhel9@sha256:5f85394f5e5dc77ef25a5aaef89f60446af4ddee70b3d5b8a3362a2ec33709ec_ppc64le",
"product_id": "rhacm2/subctl-rhel9@sha256:5f85394f5e5dc77ef25a5aaef89f60446af4ddee70b3d5b8a3362a2ec33709ec_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256:5f85394f5e5dc77ef25a5aaef89f60446af4ddee70b3d5b8a3362a2ec33709ec?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel9\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-gateway-rhel9@sha256:38d03c6e1d071296262a0acca11db176e57bc217245cd38aa90849711abd77cf_ppc64le",
"product": {
"name": "rhacm2/submariner-gateway-rhel9@sha256:38d03c6e1d071296262a0acca11db176e57bc217245cd38aa90849711abd77cf_ppc64le",
"product_id": "rhacm2/submariner-gateway-rhel9@sha256:38d03c6e1d071296262a0acca11db176e57bc217245cd38aa90849711abd77cf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256:38d03c6e1d071296262a0acca11db176e57bc217245cd38aa90849711abd77cf?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel9\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-globalnet-rhel9@sha256:0cab58d91ef7404efe8f8a2a6390272671f3a67f0b6b96eb595410afc1a1dfe3_ppc64le",
"product": {
"name": "rhacm2/submariner-globalnet-rhel9@sha256:0cab58d91ef7404efe8f8a2a6390272671f3a67f0b6b96eb595410afc1a1dfe3_ppc64le",
"product_id": "rhacm2/submariner-globalnet-rhel9@sha256:0cab58d91ef7404efe8f8a2a6390272671f3a67f0b6b96eb595410afc1a1dfe3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256:0cab58d91ef7404efe8f8a2a6390272671f3a67f0b6b96eb595410afc1a1dfe3?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel9\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-operator-bundle@sha256:f036ed02304931ff125dee0ee6c62b268fe39aa42879e539165d3b338cd9bcc0_ppc64le",
"product": {
"name": "rhacm2/submariner-operator-bundle@sha256:f036ed02304931ff125dee0ee6c62b268fe39aa42879e539165d3b338cd9bcc0_ppc64le",
"product_id": "rhacm2/submariner-operator-bundle@sha256:f036ed02304931ff125dee0ee6c62b268fe39aa42879e539165d3b338cd9bcc0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-operator-bundle@sha256:f036ed02304931ff125dee0ee6c62b268fe39aa42879e539165d3b338cd9bcc0?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-operator-bundle\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-rhel9-operator@sha256:79286b0f95c8cc2de367528b07f22bca20fdb74d1c0f6add87d6bd24216814ab_ppc64le",
"product": {
"name": "rhacm2/submariner-rhel9-operator@sha256:79286b0f95c8cc2de367528b07f22bca20fdb74d1c0f6add87d6bd24216814ab_ppc64le",
"product_id": "rhacm2/submariner-rhel9-operator@sha256:79286b0f95c8cc2de367528b07f22bca20fdb74d1c0f6add87d6bd24216814ab_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256:79286b0f95c8cc2de367528b07f22bca20fdb74d1c0f6add87d6bd24216814ab?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel9-operator\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-route-agent-rhel9@sha256:2039a3be8c20748aa882a90355294714914f2e4fa117aefd5157b6d0a4925ed8_ppc64le",
"product": {
"name": "rhacm2/submariner-route-agent-rhel9@sha256:2039a3be8c20748aa882a90355294714914f2e4fa117aefd5157b6d0a4925ed8_ppc64le",
"product_id": "rhacm2/submariner-route-agent-rhel9@sha256:2039a3be8c20748aa882a90355294714914f2e4fa117aefd5157b6d0a4925ed8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256:2039a3be8c20748aa882a90355294714914f2e4fa117aefd5157b6d0a4925ed8?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel9\u0026tag=v0.18.4-1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhacm2/lighthouse-agent-rhel9@sha256:b35735bea5a748af5774c8b69818924c80cf588a7fb93ea3a15c12499ba21b20_amd64",
"product": {
"name": "rhacm2/lighthouse-agent-rhel9@sha256:b35735bea5a748af5774c8b69818924c80cf588a7fb93ea3a15c12499ba21b20_amd64",
"product_id": "rhacm2/lighthouse-agent-rhel9@sha256:b35735bea5a748af5774c8b69818924c80cf588a7fb93ea3a15c12499ba21b20_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256:b35735bea5a748af5774c8b69818924c80cf588a7fb93ea3a15c12499ba21b20?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel9\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/lighthouse-coredns-rhel9@sha256:b1157095405425a89f0770c4606b2264cc0977478f5d6c8bcac90b258cf34319_amd64",
"product": {
"name": "rhacm2/lighthouse-coredns-rhel9@sha256:b1157095405425a89f0770c4606b2264cc0977478f5d6c8bcac90b258cf34319_amd64",
"product_id": "rhacm2/lighthouse-coredns-rhel9@sha256:b1157095405425a89f0770c4606b2264cc0977478f5d6c8bcac90b258cf34319_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256:b1157095405425a89f0770c4606b2264cc0977478f5d6c8bcac90b258cf34319?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel9\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/nettest-rhel9@sha256:d2ac2f84cf3a837ac41e66b038e5507e6e37a1324538a4effb110ad46ca2039c_amd64",
"product": {
"name": "rhacm2/nettest-rhel9@sha256:d2ac2f84cf3a837ac41e66b038e5507e6e37a1324538a4effb110ad46ca2039c_amd64",
"product_id": "rhacm2/nettest-rhel9@sha256:d2ac2f84cf3a837ac41e66b038e5507e6e37a1324538a4effb110ad46ca2039c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256:d2ac2f84cf3a837ac41e66b038e5507e6e37a1324538a4effb110ad46ca2039c?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel9\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/subctl-rhel9@sha256:483328322fbb1f71c177caa1e49d73990611ef4be20c9ab622cdff7c5b6de22c_amd64",
"product": {
"name": "rhacm2/subctl-rhel9@sha256:483328322fbb1f71c177caa1e49d73990611ef4be20c9ab622cdff7c5b6de22c_amd64",
"product_id": "rhacm2/subctl-rhel9@sha256:483328322fbb1f71c177caa1e49d73990611ef4be20c9ab622cdff7c5b6de22c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256:483328322fbb1f71c177caa1e49d73990611ef4be20c9ab622cdff7c5b6de22c?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel9\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-gateway-rhel9@sha256:f01cd372e854a9d7d20bc7dc5d9566e641f077e703a6b1c10791bf06c3f6e570_amd64",
"product": {
"name": "rhacm2/submariner-gateway-rhel9@sha256:f01cd372e854a9d7d20bc7dc5d9566e641f077e703a6b1c10791bf06c3f6e570_amd64",
"product_id": "rhacm2/submariner-gateway-rhel9@sha256:f01cd372e854a9d7d20bc7dc5d9566e641f077e703a6b1c10791bf06c3f6e570_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256:f01cd372e854a9d7d20bc7dc5d9566e641f077e703a6b1c10791bf06c3f6e570?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel9\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-globalnet-rhel9@sha256:9f71c6115da60903c445489992c89ea00975ca8f1cab22b3c6883ed2f4c4e21b_amd64",
"product": {
"name": "rhacm2/submariner-globalnet-rhel9@sha256:9f71c6115da60903c445489992c89ea00975ca8f1cab22b3c6883ed2f4c4e21b_amd64",
"product_id": "rhacm2/submariner-globalnet-rhel9@sha256:9f71c6115da60903c445489992c89ea00975ca8f1cab22b3c6883ed2f4c4e21b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256:9f71c6115da60903c445489992c89ea00975ca8f1cab22b3c6883ed2f4c4e21b?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel9\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-operator-bundle@sha256:7ded07e5ee28d2066021c95dcc95887d05451e58ca0f99bceab8c46757c69d9c_amd64",
"product": {
"name": "rhacm2/submariner-operator-bundle@sha256:7ded07e5ee28d2066021c95dcc95887d05451e58ca0f99bceab8c46757c69d9c_amd64",
"product_id": "rhacm2/submariner-operator-bundle@sha256:7ded07e5ee28d2066021c95dcc95887d05451e58ca0f99bceab8c46757c69d9c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-operator-bundle@sha256:7ded07e5ee28d2066021c95dcc95887d05451e58ca0f99bceab8c46757c69d9c?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-operator-bundle\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-rhel9-operator@sha256:48eb7721d75ae8115e2e328c64fe69270498533faa02178a63c8fc4cb4e060e4_amd64",
"product": {
"name": "rhacm2/submariner-rhel9-operator@sha256:48eb7721d75ae8115e2e328c64fe69270498533faa02178a63c8fc4cb4e060e4_amd64",
"product_id": "rhacm2/submariner-rhel9-operator@sha256:48eb7721d75ae8115e2e328c64fe69270498533faa02178a63c8fc4cb4e060e4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256:48eb7721d75ae8115e2e328c64fe69270498533faa02178a63c8fc4cb4e060e4?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel9-operator\u0026tag=v0.18.4-1"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-route-agent-rhel9@sha256:04e200e40f8d5e3fb893455742983f64447dd96824e852f3bae891819c09d5ec_amd64",
"product": {
"name": "rhacm2/submariner-route-agent-rhel9@sha256:04e200e40f8d5e3fb893455742983f64447dd96824e852f3bae891819c09d5ec_amd64",
"product_id": "rhacm2/submariner-route-agent-rhel9@sha256:04e200e40f8d5e3fb893455742983f64447dd96824e852f3bae891819c09d5ec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256:04e200e40f8d5e3fb893455742983f64447dd96824e852f3bae891819c09d5ec?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel9\u0026tag=v0.18.4-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/lighthouse-agent-rhel9@sha256:50d111733ab8210aadf6741847c2858a3adb6c96e6a3ee1414f4ff3bc51a1e43_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/lighthouse-agent-rhel9@sha256:50d111733ab8210aadf6741847c2858a3adb6c96e6a3ee1414f4ff3bc51a1e43_arm64"
},
"product_reference": "rhacm2/lighthouse-agent-rhel9@sha256:50d111733ab8210aadf6741847c2858a3adb6c96e6a3ee1414f4ff3bc51a1e43_arm64",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/lighthouse-agent-rhel9@sha256:b35735bea5a748af5774c8b69818924c80cf588a7fb93ea3a15c12499ba21b20_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/lighthouse-agent-rhel9@sha256:b35735bea5a748af5774c8b69818924c80cf588a7fb93ea3a15c12499ba21b20_amd64"
},
"product_reference": "rhacm2/lighthouse-agent-rhel9@sha256:b35735bea5a748af5774c8b69818924c80cf588a7fb93ea3a15c12499ba21b20_amd64",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/lighthouse-agent-rhel9@sha256:b57142936cbf5137880996af902bef15c635d943b849b8d74fa66993cd37b661_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/lighthouse-agent-rhel9@sha256:b57142936cbf5137880996af902bef15c635d943b849b8d74fa66993cd37b661_ppc64le"
},
"product_reference": "rhacm2/lighthouse-agent-rhel9@sha256:b57142936cbf5137880996af902bef15c635d943b849b8d74fa66993cd37b661_ppc64le",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/lighthouse-agent-rhel9@sha256:fa5629d3d7aa3f2f9c6aa7a62cbee08b879717ae0ed38009dc8f32e49c45a0cc_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/lighthouse-agent-rhel9@sha256:fa5629d3d7aa3f2f9c6aa7a62cbee08b879717ae0ed38009dc8f32e49c45a0cc_s390x"
},
"product_reference": "rhacm2/lighthouse-agent-rhel9@sha256:fa5629d3d7aa3f2f9c6aa7a62cbee08b879717ae0ed38009dc8f32e49c45a0cc_s390x",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/lighthouse-coredns-rhel9@sha256:46ab143f45d316ce6634ec92fcbaadf0231cdf7f33e7cdf6c576c939c9729098_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/lighthouse-coredns-rhel9@sha256:46ab143f45d316ce6634ec92fcbaadf0231cdf7f33e7cdf6c576c939c9729098_ppc64le"
},
"product_reference": "rhacm2/lighthouse-coredns-rhel9@sha256:46ab143f45d316ce6634ec92fcbaadf0231cdf7f33e7cdf6c576c939c9729098_ppc64le",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/lighthouse-coredns-rhel9@sha256:a61d730a3dbbf4c3a7b8d2c0cf3759abf0498318832391d3ec9a357780fecc2a_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/lighthouse-coredns-rhel9@sha256:a61d730a3dbbf4c3a7b8d2c0cf3759abf0498318832391d3ec9a357780fecc2a_s390x"
},
"product_reference": "rhacm2/lighthouse-coredns-rhel9@sha256:a61d730a3dbbf4c3a7b8d2c0cf3759abf0498318832391d3ec9a357780fecc2a_s390x",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/lighthouse-coredns-rhel9@sha256:a9a3362d6c38199e9f47cabd5312172c730d6dbb3dc77411e84f73f678f9e11c_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/lighthouse-coredns-rhel9@sha256:a9a3362d6c38199e9f47cabd5312172c730d6dbb3dc77411e84f73f678f9e11c_arm64"
},
"product_reference": "rhacm2/lighthouse-coredns-rhel9@sha256:a9a3362d6c38199e9f47cabd5312172c730d6dbb3dc77411e84f73f678f9e11c_arm64",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/lighthouse-coredns-rhel9@sha256:b1157095405425a89f0770c4606b2264cc0977478f5d6c8bcac90b258cf34319_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/lighthouse-coredns-rhel9@sha256:b1157095405425a89f0770c4606b2264cc0977478f5d6c8bcac90b258cf34319_amd64"
},
"product_reference": "rhacm2/lighthouse-coredns-rhel9@sha256:b1157095405425a89f0770c4606b2264cc0977478f5d6c8bcac90b258cf34319_amd64",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/nettest-rhel9@sha256:6fed967d33a82ba77ce511e94757d1ab0722b294b1ac0d330a2e696ab83c254d_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/nettest-rhel9@sha256:6fed967d33a82ba77ce511e94757d1ab0722b294b1ac0d330a2e696ab83c254d_arm64"
},
"product_reference": "rhacm2/nettest-rhel9@sha256:6fed967d33a82ba77ce511e94757d1ab0722b294b1ac0d330a2e696ab83c254d_arm64",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/nettest-rhel9@sha256:a92ff7caadaccbc6615732b3272432f844dcb76a0a223a0c9236c03529d2c0ad_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/nettest-rhel9@sha256:a92ff7caadaccbc6615732b3272432f844dcb76a0a223a0c9236c03529d2c0ad_s390x"
},
"product_reference": "rhacm2/nettest-rhel9@sha256:a92ff7caadaccbc6615732b3272432f844dcb76a0a223a0c9236c03529d2c0ad_s390x",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/nettest-rhel9@sha256:d2ac2f84cf3a837ac41e66b038e5507e6e37a1324538a4effb110ad46ca2039c_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/nettest-rhel9@sha256:d2ac2f84cf3a837ac41e66b038e5507e6e37a1324538a4effb110ad46ca2039c_amd64"
},
"product_reference": "rhacm2/nettest-rhel9@sha256:d2ac2f84cf3a837ac41e66b038e5507e6e37a1324538a4effb110ad46ca2039c_amd64",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/nettest-rhel9@sha256:e079724ccb4133e5e02b0293565b86393d3b57de27af764325f32993869925f0_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/nettest-rhel9@sha256:e079724ccb4133e5e02b0293565b86393d3b57de27af764325f32993869925f0_ppc64le"
},
"product_reference": "rhacm2/nettest-rhel9@sha256:e079724ccb4133e5e02b0293565b86393d3b57de27af764325f32993869925f0_ppc64le",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/subctl-rhel9@sha256:250b747603a5aa01e340f814128025b2e4ad2ead6ac78162ad2b82818524008c_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/subctl-rhel9@sha256:250b747603a5aa01e340f814128025b2e4ad2ead6ac78162ad2b82818524008c_arm64"
},
"product_reference": "rhacm2/subctl-rhel9@sha256:250b747603a5aa01e340f814128025b2e4ad2ead6ac78162ad2b82818524008c_arm64",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/subctl-rhel9@sha256:483328322fbb1f71c177caa1e49d73990611ef4be20c9ab622cdff7c5b6de22c_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/subctl-rhel9@sha256:483328322fbb1f71c177caa1e49d73990611ef4be20c9ab622cdff7c5b6de22c_amd64"
},
"product_reference": "rhacm2/subctl-rhel9@sha256:483328322fbb1f71c177caa1e49d73990611ef4be20c9ab622cdff7c5b6de22c_amd64",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/subctl-rhel9@sha256:573fab5792cd711092fdf8d78a8ca099c73d5c0faa3f6bac3e496cca79700f36_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/subctl-rhel9@sha256:573fab5792cd711092fdf8d78a8ca099c73d5c0faa3f6bac3e496cca79700f36_s390x"
},
"product_reference": "rhacm2/subctl-rhel9@sha256:573fab5792cd711092fdf8d78a8ca099c73d5c0faa3f6bac3e496cca79700f36_s390x",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/subctl-rhel9@sha256:5f85394f5e5dc77ef25a5aaef89f60446af4ddee70b3d5b8a3362a2ec33709ec_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/subctl-rhel9@sha256:5f85394f5e5dc77ef25a5aaef89f60446af4ddee70b3d5b8a3362a2ec33709ec_ppc64le"
},
"product_reference": "rhacm2/subctl-rhel9@sha256:5f85394f5e5dc77ef25a5aaef89f60446af4ddee70b3d5b8a3362a2ec33709ec_ppc64le",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-gateway-rhel9@sha256:254324f36616804d2a4d499c375a571ed832371e4860e102a1e3daf3b3287879_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/submariner-gateway-rhel9@sha256:254324f36616804d2a4d499c375a571ed832371e4860e102a1e3daf3b3287879_arm64"
},
"product_reference": "rhacm2/submariner-gateway-rhel9@sha256:254324f36616804d2a4d499c375a571ed832371e4860e102a1e3daf3b3287879_arm64",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-gateway-rhel9@sha256:256bbbe96815b89b4bab2fc703b1995891dbcbdc8ba16311d5fabb8345532fb4_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/submariner-gateway-rhel9@sha256:256bbbe96815b89b4bab2fc703b1995891dbcbdc8ba16311d5fabb8345532fb4_s390x"
},
"product_reference": "rhacm2/submariner-gateway-rhel9@sha256:256bbbe96815b89b4bab2fc703b1995891dbcbdc8ba16311d5fabb8345532fb4_s390x",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-gateway-rhel9@sha256:38d03c6e1d071296262a0acca11db176e57bc217245cd38aa90849711abd77cf_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/submariner-gateway-rhel9@sha256:38d03c6e1d071296262a0acca11db176e57bc217245cd38aa90849711abd77cf_ppc64le"
},
"product_reference": "rhacm2/submariner-gateway-rhel9@sha256:38d03c6e1d071296262a0acca11db176e57bc217245cd38aa90849711abd77cf_ppc64le",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-gateway-rhel9@sha256:f01cd372e854a9d7d20bc7dc5d9566e641f077e703a6b1c10791bf06c3f6e570_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/submariner-gateway-rhel9@sha256:f01cd372e854a9d7d20bc7dc5d9566e641f077e703a6b1c10791bf06c3f6e570_amd64"
},
"product_reference": "rhacm2/submariner-gateway-rhel9@sha256:f01cd372e854a9d7d20bc7dc5d9566e641f077e703a6b1c10791bf06c3f6e570_amd64",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-globalnet-rhel9@sha256:0cab58d91ef7404efe8f8a2a6390272671f3a67f0b6b96eb595410afc1a1dfe3_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/submariner-globalnet-rhel9@sha256:0cab58d91ef7404efe8f8a2a6390272671f3a67f0b6b96eb595410afc1a1dfe3_ppc64le"
},
"product_reference": "rhacm2/submariner-globalnet-rhel9@sha256:0cab58d91ef7404efe8f8a2a6390272671f3a67f0b6b96eb595410afc1a1dfe3_ppc64le",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-globalnet-rhel9@sha256:20e77c802b814afefac6355f1c3ac6eea59a5ecd211b29e81f2246ff21c29f3e_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/submariner-globalnet-rhel9@sha256:20e77c802b814afefac6355f1c3ac6eea59a5ecd211b29e81f2246ff21c29f3e_s390x"
},
"product_reference": "rhacm2/submariner-globalnet-rhel9@sha256:20e77c802b814afefac6355f1c3ac6eea59a5ecd211b29e81f2246ff21c29f3e_s390x",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-globalnet-rhel9@sha256:9f71c6115da60903c445489992c89ea00975ca8f1cab22b3c6883ed2f4c4e21b_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/submariner-globalnet-rhel9@sha256:9f71c6115da60903c445489992c89ea00975ca8f1cab22b3c6883ed2f4c4e21b_amd64"
},
"product_reference": "rhacm2/submariner-globalnet-rhel9@sha256:9f71c6115da60903c445489992c89ea00975ca8f1cab22b3c6883ed2f4c4e21b_amd64",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-globalnet-rhel9@sha256:fceb75dc5a24a0c84c9aa5725c104c6bf19cad85797887e1e3c5bae4ae6455fb_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/submariner-globalnet-rhel9@sha256:fceb75dc5a24a0c84c9aa5725c104c6bf19cad85797887e1e3c5bae4ae6455fb_arm64"
},
"product_reference": "rhacm2/submariner-globalnet-rhel9@sha256:fceb75dc5a24a0c84c9aa5725c104c6bf19cad85797887e1e3c5bae4ae6455fb_arm64",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-operator-bundle@sha256:1d0356b14dafb2f78ea0ef35e19ffeb9db9af2f57a7d8c4d838b7627f4976d70_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/submariner-operator-bundle@sha256:1d0356b14dafb2f78ea0ef35e19ffeb9db9af2f57a7d8c4d838b7627f4976d70_arm64"
},
"product_reference": "rhacm2/submariner-operator-bundle@sha256:1d0356b14dafb2f78ea0ef35e19ffeb9db9af2f57a7d8c4d838b7627f4976d70_arm64",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-operator-bundle@sha256:7ded07e5ee28d2066021c95dcc95887d05451e58ca0f99bceab8c46757c69d9c_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/submariner-operator-bundle@sha256:7ded07e5ee28d2066021c95dcc95887d05451e58ca0f99bceab8c46757c69d9c_amd64"
},
"product_reference": "rhacm2/submariner-operator-bundle@sha256:7ded07e5ee28d2066021c95dcc95887d05451e58ca0f99bceab8c46757c69d9c_amd64",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-operator-bundle@sha256:be6158b9d13531aeb0702fcdafa3772cd2c5fe355bf9e63deffa1a930c54b880_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/submariner-operator-bundle@sha256:be6158b9d13531aeb0702fcdafa3772cd2c5fe355bf9e63deffa1a930c54b880_s390x"
},
"product_reference": "rhacm2/submariner-operator-bundle@sha256:be6158b9d13531aeb0702fcdafa3772cd2c5fe355bf9e63deffa1a930c54b880_s390x",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-operator-bundle@sha256:f036ed02304931ff125dee0ee6c62b268fe39aa42879e539165d3b338cd9bcc0_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/submariner-operator-bundle@sha256:f036ed02304931ff125dee0ee6c62b268fe39aa42879e539165d3b338cd9bcc0_ppc64le"
},
"product_reference": "rhacm2/submariner-operator-bundle@sha256:f036ed02304931ff125dee0ee6c62b268fe39aa42879e539165d3b338cd9bcc0_ppc64le",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-rhel9-operator@sha256:257966e4010330f7b26353c3c2d088c2af85f1d7f6558fb53e2cc15b3ae711c3_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/submariner-rhel9-operator@sha256:257966e4010330f7b26353c3c2d088c2af85f1d7f6558fb53e2cc15b3ae711c3_arm64"
},
"product_reference": "rhacm2/submariner-rhel9-operator@sha256:257966e4010330f7b26353c3c2d088c2af85f1d7f6558fb53e2cc15b3ae711c3_arm64",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-rhel9-operator@sha256:360d98ceda85d212823b35edca01e63cb0c04cb8a56463475f595de62cb19534_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/submariner-rhel9-operator@sha256:360d98ceda85d212823b35edca01e63cb0c04cb8a56463475f595de62cb19534_s390x"
},
"product_reference": "rhacm2/submariner-rhel9-operator@sha256:360d98ceda85d212823b35edca01e63cb0c04cb8a56463475f595de62cb19534_s390x",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-rhel9-operator@sha256:48eb7721d75ae8115e2e328c64fe69270498533faa02178a63c8fc4cb4e060e4_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/submariner-rhel9-operator@sha256:48eb7721d75ae8115e2e328c64fe69270498533faa02178a63c8fc4cb4e060e4_amd64"
},
"product_reference": "rhacm2/submariner-rhel9-operator@sha256:48eb7721d75ae8115e2e328c64fe69270498533faa02178a63c8fc4cb4e060e4_amd64",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-rhel9-operator@sha256:79286b0f95c8cc2de367528b07f22bca20fdb74d1c0f6add87d6bd24216814ab_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/submariner-rhel9-operator@sha256:79286b0f95c8cc2de367528b07f22bca20fdb74d1c0f6add87d6bd24216814ab_ppc64le"
},
"product_reference": "rhacm2/submariner-rhel9-operator@sha256:79286b0f95c8cc2de367528b07f22bca20fdb74d1c0f6add87d6bd24216814ab_ppc64le",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-route-agent-rhel9@sha256:04e200e40f8d5e3fb893455742983f64447dd96824e852f3bae891819c09d5ec_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/submariner-route-agent-rhel9@sha256:04e200e40f8d5e3fb893455742983f64447dd96824e852f3bae891819c09d5ec_amd64"
},
"product_reference": "rhacm2/submariner-route-agent-rhel9@sha256:04e200e40f8d5e3fb893455742983f64447dd96824e852f3bae891819c09d5ec_amd64",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-route-agent-rhel9@sha256:2039a3be8c20748aa882a90355294714914f2e4fa117aefd5157b6d0a4925ed8_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/submariner-route-agent-rhel9@sha256:2039a3be8c20748aa882a90355294714914f2e4fa117aefd5157b6d0a4925ed8_ppc64le"
},
"product_reference": "rhacm2/submariner-route-agent-rhel9@sha256:2039a3be8c20748aa882a90355294714914f2e4fa117aefd5157b6d0a4925ed8_ppc64le",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-route-agent-rhel9@sha256:ed6ef9312bf27127e3d2869c51e58d12d7eb47efab8cb67fa95d16927adc9a24_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/submariner-route-agent-rhel9@sha256:ed6ef9312bf27127e3d2869c51e58d12d7eb47efab8cb67fa95d16927adc9a24_arm64"
},
"product_reference": "rhacm2/submariner-route-agent-rhel9@sha256:ed6ef9312bf27127e3d2869c51e58d12d7eb47efab8cb67fa95d16927adc9a24_arm64",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-route-agent-rhel9@sha256:f36ae578edbd6bc4c0d4a186a5b4df67657e34ce8f7773cf51e9eea3f8519280_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/submariner-route-agent-rhel9@sha256:f36ae578edbd6bc4c0d4a186a5b4df67657e34ce8f7773cf51e9eea3f8519280_s390x"
},
"product_reference": "rhacm2/submariner-route-agent-rhel9@sha256:f36ae578edbd6bc4c0d4a186a5b4df67657e34ce8f7773cf51e9eea3f8519280_s390x",
"relates_to_product_reference": "9Base-RHACM-2.11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays that lead to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHACM-2.11:rhacm2/lighthouse-agent-rhel9@sha256:50d111733ab8210aadf6741847c2858a3adb6c96e6a3ee1414f4ff3bc51a1e43_arm64",
"9Base-RHACM-2.11:rhacm2/lighthouse-agent-rhel9@sha256:b35735bea5a748af5774c8b69818924c80cf588a7fb93ea3a15c12499ba21b20_amd64",
"9Base-RHACM-2.11:rhacm2/lighthouse-agent-rhel9@sha256:b57142936cbf5137880996af902bef15c635d943b849b8d74fa66993cd37b661_ppc64le",
"9Base-RHACM-2.11:rhacm2/lighthouse-agent-rhel9@sha256:fa5629d3d7aa3f2f9c6aa7a62cbee08b879717ae0ed38009dc8f32e49c45a0cc_s390x",
"9Base-RHACM-2.11:rhacm2/lighthouse-coredns-rhel9@sha256:46ab143f45d316ce6634ec92fcbaadf0231cdf7f33e7cdf6c576c939c9729098_ppc64le",
"9Base-RHACM-2.11:rhacm2/lighthouse-coredns-rhel9@sha256:a61d730a3dbbf4c3a7b8d2c0cf3759abf0498318832391d3ec9a357780fecc2a_s390x",
"9Base-RHACM-2.11:rhacm2/lighthouse-coredns-rhel9@sha256:a9a3362d6c38199e9f47cabd5312172c730d6dbb3dc77411e84f73f678f9e11c_arm64",
"9Base-RHACM-2.11:rhacm2/lighthouse-coredns-rhel9@sha256:b1157095405425a89f0770c4606b2264cc0977478f5d6c8bcac90b258cf34319_amd64",
"9Base-RHACM-2.11:rhacm2/nettest-rhel9@sha256:6fed967d33a82ba77ce511e94757d1ab0722b294b1ac0d330a2e696ab83c254d_arm64",
"9Base-RHACM-2.11:rhacm2/nettest-rhel9@sha256:a92ff7caadaccbc6615732b3272432f844dcb76a0a223a0c9236c03529d2c0ad_s390x",
"9Base-RHACM-2.11:rhacm2/nettest-rhel9@sha256:d2ac2f84cf3a837ac41e66b038e5507e6e37a1324538a4effb110ad46ca2039c_amd64",
"9Base-RHACM-2.11:rhacm2/nettest-rhel9@sha256:e079724ccb4133e5e02b0293565b86393d3b57de27af764325f32993869925f0_ppc64le",
"9Base-RHACM-2.11:rhacm2/subctl-rhel9@sha256:250b747603a5aa01e340f814128025b2e4ad2ead6ac78162ad2b82818524008c_arm64",
"9Base-RHACM-2.11:rhacm2/subctl-rhel9@sha256:483328322fbb1f71c177caa1e49d73990611ef4be20c9ab622cdff7c5b6de22c_amd64",
"9Base-RHACM-2.11:rhacm2/subctl-rhel9@sha256:573fab5792cd711092fdf8d78a8ca099c73d5c0faa3f6bac3e496cca79700f36_s390x",
"9Base-RHACM-2.11:rhacm2/subctl-rhel9@sha256:5f85394f5e5dc77ef25a5aaef89f60446af4ddee70b3d5b8a3362a2ec33709ec_ppc64le",
"9Base-RHACM-2.11:rhacm2/submariner-gateway-rhel9@sha256:254324f36616804d2a4d499c375a571ed832371e4860e102a1e3daf3b3287879_arm64",
"9Base-RHACM-2.11:rhacm2/submariner-gateway-rhel9@sha256:256bbbe96815b89b4bab2fc703b1995891dbcbdc8ba16311d5fabb8345532fb4_s390x",
"9Base-RHACM-2.11:rhacm2/submariner-gateway-rhel9@sha256:38d03c6e1d071296262a0acca11db176e57bc217245cd38aa90849711abd77cf_ppc64le",
"9Base-RHACM-2.11:rhacm2/submariner-gateway-rhel9@sha256:f01cd372e854a9d7d20bc7dc5d9566e641f077e703a6b1c10791bf06c3f6e570_amd64",
"9Base-RHACM-2.11:rhacm2/submariner-globalnet-rhel9@sha256:0cab58d91ef7404efe8f8a2a6390272671f3a67f0b6b96eb595410afc1a1dfe3_ppc64le",
"9Base-RHACM-2.11:rhacm2/submariner-globalnet-rhel9@sha256:20e77c802b814afefac6355f1c3ac6eea59a5ecd211b29e81f2246ff21c29f3e_s390x",
"9Base-RHACM-2.11:rhacm2/submariner-globalnet-rhel9@sha256:9f71c6115da60903c445489992c89ea00975ca8f1cab22b3c6883ed2f4c4e21b_amd64",
"9Base-RHACM-2.11:rhacm2/submariner-globalnet-rhel9@sha256:fceb75dc5a24a0c84c9aa5725c104c6bf19cad85797887e1e3c5bae4ae6455fb_arm64",
"9Base-RHACM-2.11:rhacm2/submariner-operator-bundle@sha256:1d0356b14dafb2f78ea0ef35e19ffeb9db9af2f57a7d8c4d838b7627f4976d70_arm64",
"9Base-RHACM-2.11:rhacm2/submariner-operator-bundle@sha256:7ded07e5ee28d2066021c95dcc95887d05451e58ca0f99bceab8c46757c69d9c_amd64",
"9Base-RHACM-2.11:rhacm2/submariner-operator-bundle@sha256:be6158b9d13531aeb0702fcdafa3772cd2c5fe355bf9e63deffa1a930c54b880_s390x",
"9Base-RHACM-2.11:rhacm2/submariner-operator-bundle@sha256:f036ed02304931ff125dee0ee6c62b268fe39aa42879e539165d3b338cd9bcc0_ppc64le",
"9Base-RHACM-2.11:rhacm2/submariner-rhel9-operator@sha256:257966e4010330f7b26353c3c2d088c2af85f1d7f6558fb53e2cc15b3ae711c3_arm64",
"9Base-RHACM-2.11:rhacm2/submariner-rhel9-operator@sha256:360d98ceda85d212823b35edca01e63cb0c04cb8a56463475f595de62cb19534_s390x",
"9Base-RHACM-2.11:rhacm2/submariner-rhel9-operator@sha256:48eb7721d75ae8115e2e328c64fe69270498533faa02178a63c8fc4cb4e060e4_amd64",
"9Base-RHACM-2.11:rhacm2/submariner-rhel9-operator@sha256:79286b0f95c8cc2de367528b07f22bca20fdb74d1c0f6add87d6bd24216814ab_ppc64le",
"9Base-RHACM-2.11:rhacm2/submariner-route-agent-rhel9@sha256:04e200e40f8d5e3fb893455742983f64447dd96824e852f3bae891819c09d5ec_amd64",
"9Base-RHACM-2.11:rhacm2/submariner-route-agent-rhel9@sha256:2039a3be8c20748aa882a90355294714914f2e4fa117aefd5157b6d0a4925ed8_ppc64le",
"9Base-RHACM-2.11:rhacm2/submariner-route-agent-rhel9@sha256:ed6ef9312bf27127e3d2869c51e58d12d7eb47efab8cb67fa95d16927adc9a24_arm64",
"9Base-RHACM-2.11:rhacm2/submariner-route-agent-rhel9@sha256:f36ae578edbd6bc4c0d4a186a5b4df67657e34ce8f7773cf51e9eea3f8519280_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-16T18:46:52+00:00",
"details": "To learn more about Submariner, see https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/networking/networking#submariner",
"product_ids": [
"9Base-RHACM-2.11:rhacm2/lighthouse-agent-rhel9@sha256:50d111733ab8210aadf6741847c2858a3adb6c96e6a3ee1414f4ff3bc51a1e43_arm64",
"9Base-RHACM-2.11:rhacm2/lighthouse-agent-rhel9@sha256:b35735bea5a748af5774c8b69818924c80cf588a7fb93ea3a15c12499ba21b20_amd64",
"9Base-RHACM-2.11:rhacm2/lighthouse-agent-rhel9@sha256:b57142936cbf5137880996af902bef15c635d943b849b8d74fa66993cd37b661_ppc64le",
"9Base-RHACM-2.11:rhacm2/lighthouse-agent-rhel9@sha256:fa5629d3d7aa3f2f9c6aa7a62cbee08b879717ae0ed38009dc8f32e49c45a0cc_s390x",
"9Base-RHACM-2.11:rhacm2/lighthouse-coredns-rhel9@sha256:46ab143f45d316ce6634ec92fcbaadf0231cdf7f33e7cdf6c576c939c9729098_ppc64le",
"9Base-RHACM-2.11:rhacm2/lighthouse-coredns-rhel9@sha256:a61d730a3dbbf4c3a7b8d2c0cf3759abf0498318832391d3ec9a357780fecc2a_s390x",
"9Base-RHACM-2.11:rhacm2/lighthouse-coredns-rhel9@sha256:a9a3362d6c38199e9f47cabd5312172c730d6dbb3dc77411e84f73f678f9e11c_arm64",
"9Base-RHACM-2.11:rhacm2/lighthouse-coredns-rhel9@sha256:b1157095405425a89f0770c4606b2264cc0977478f5d6c8bcac90b258cf34319_amd64",
"9Base-RHACM-2.11:rhacm2/nettest-rhel9@sha256:6fed967d33a82ba77ce511e94757d1ab0722b294b1ac0d330a2e696ab83c254d_arm64",
"9Base-RHACM-2.11:rhacm2/nettest-rhel9@sha256:a92ff7caadaccbc6615732b3272432f844dcb76a0a223a0c9236c03529d2c0ad_s390x",
"9Base-RHACM-2.11:rhacm2/nettest-rhel9@sha256:d2ac2f84cf3a837ac41e66b038e5507e6e37a1324538a4effb110ad46ca2039c_amd64",
"9Base-RHACM-2.11:rhacm2/nettest-rhel9@sha256:e079724ccb4133e5e02b0293565b86393d3b57de27af764325f32993869925f0_ppc64le",
"9Base-RHACM-2.11:rhacm2/subctl-rhel9@sha256:250b747603a5aa01e340f814128025b2e4ad2ead6ac78162ad2b82818524008c_arm64",
"9Base-RHACM-2.11:rhacm2/subctl-rhel9@sha256:483328322fbb1f71c177caa1e49d73990611ef4be20c9ab622cdff7c5b6de22c_amd64",
"9Base-RHACM-2.11:rhacm2/subctl-rhel9@sha256:573fab5792cd711092fdf8d78a8ca099c73d5c0faa3f6bac3e496cca79700f36_s390x",
"9Base-RHACM-2.11:rhacm2/subctl-rhel9@sha256:5f85394f5e5dc77ef25a5aaef89f60446af4ddee70b3d5b8a3362a2ec33709ec_ppc64le",
"9Base-RHACM-2.11:rhacm2/submariner-gateway-rhel9@sha256:254324f36616804d2a4d499c375a571ed832371e4860e102a1e3daf3b3287879_arm64",
"9Base-RHACM-2.11:rhacm2/submariner-gateway-rhel9@sha256:256bbbe96815b89b4bab2fc703b1995891dbcbdc8ba16311d5fabb8345532fb4_s390x",
"9Base-RHACM-2.11:rhacm2/submariner-gateway-rhel9@sha256:38d03c6e1d071296262a0acca11db176e57bc217245cd38aa90849711abd77cf_ppc64le",
"9Base-RHACM-2.11:rhacm2/submariner-gateway-rhel9@sha256:f01cd372e854a9d7d20bc7dc5d9566e641f077e703a6b1c10791bf06c3f6e570_amd64",
"9Base-RHACM-2.11:rhacm2/submariner-globalnet-rhel9@sha256:0cab58d91ef7404efe8f8a2a6390272671f3a67f0b6b96eb595410afc1a1dfe3_ppc64le",
"9Base-RHACM-2.11:rhacm2/submariner-globalnet-rhel9@sha256:20e77c802b814afefac6355f1c3ac6eea59a5ecd211b29e81f2246ff21c29f3e_s390x",
"9Base-RHACM-2.11:rhacm2/submariner-globalnet-rhel9@sha256:9f71c6115da60903c445489992c89ea00975ca8f1cab22b3c6883ed2f4c4e21b_amd64",
"9Base-RHACM-2.11:rhacm2/submariner-globalnet-rhel9@sha256:fceb75dc5a24a0c84c9aa5725c104c6bf19cad85797887e1e3c5bae4ae6455fb_arm64",
"9Base-RHACM-2.11:rhacm2/submariner-operator-bundle@sha256:1d0356b14dafb2f78ea0ef35e19ffeb9db9af2f57a7d8c4d838b7627f4976d70_arm64",
"9Base-RHACM-2.11:rhacm2/submariner-operator-bundle@sha256:7ded07e5ee28d2066021c95dcc95887d05451e58ca0f99bceab8c46757c69d9c_amd64",
"9Base-RHACM-2.11:rhacm2/submariner-operator-bundle@sha256:be6158b9d13531aeb0702fcdafa3772cd2c5fe355bf9e63deffa1a930c54b880_s390x",
"9Base-RHACM-2.11:rhacm2/submariner-operator-bundle@sha256:f036ed02304931ff125dee0ee6c62b268fe39aa42879e539165d3b338cd9bcc0_ppc64le",
"9Base-RHACM-2.11:rhacm2/submariner-rhel9-operator@sha256:257966e4010330f7b26353c3c2d088c2af85f1d7f6558fb53e2cc15b3ae711c3_arm64",
"9Base-RHACM-2.11:rhacm2/submariner-rhel9-operator@sha256:360d98ceda85d212823b35edca01e63cb0c04cb8a56463475f595de62cb19534_s390x",
"9Base-RHACM-2.11:rhacm2/submariner-rhel9-operator@sha256:48eb7721d75ae8115e2e328c64fe69270498533faa02178a63c8fc4cb4e060e4_amd64",
"9Base-RHACM-2.11:rhacm2/submariner-rhel9-operator@sha256:79286b0f95c8cc2de367528b07f22bca20fdb74d1c0f6add87d6bd24216814ab_ppc64le",
"9Base-RHACM-2.11:rhacm2/submariner-route-agent-rhel9@sha256:04e200e40f8d5e3fb893455742983f64447dd96824e852f3bae891819c09d5ec_amd64",
"9Base-RHACM-2.11:rhacm2/submariner-route-agent-rhel9@sha256:2039a3be8c20748aa882a90355294714914f2e4fa117aefd5157b6d0a4925ed8_ppc64le",
"9Base-RHACM-2.11:rhacm2/submariner-route-agent-rhel9@sha256:ed6ef9312bf27127e3d2869c51e58d12d7eb47efab8cb67fa95d16927adc9a24_arm64",
"9Base-RHACM-2.11:rhacm2/submariner-route-agent-rhel9@sha256:f36ae578edbd6bc4c0d4a186a5b4df67657e34ce8f7773cf51e9eea3f8519280_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0384"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHACM-2.11:rhacm2/lighthouse-agent-rhel9@sha256:50d111733ab8210aadf6741847c2858a3adb6c96e6a3ee1414f4ff3bc51a1e43_arm64",
"9Base-RHACM-2.11:rhacm2/lighthouse-agent-rhel9@sha256:b35735bea5a748af5774c8b69818924c80cf588a7fb93ea3a15c12499ba21b20_amd64",
"9Base-RHACM-2.11:rhacm2/lighthouse-agent-rhel9@sha256:b57142936cbf5137880996af902bef15c635d943b849b8d74fa66993cd37b661_ppc64le",
"9Base-RHACM-2.11:rhacm2/lighthouse-agent-rhel9@sha256:fa5629d3d7aa3f2f9c6aa7a62cbee08b879717ae0ed38009dc8f32e49c45a0cc_s390x",
"9Base-RHACM-2.11:rhacm2/lighthouse-coredns-rhel9@sha256:46ab143f45d316ce6634ec92fcbaadf0231cdf7f33e7cdf6c576c939c9729098_ppc64le",
"9Base-RHACM-2.11:rhacm2/lighthouse-coredns-rhel9@sha256:a61d730a3dbbf4c3a7b8d2c0cf3759abf0498318832391d3ec9a357780fecc2a_s390x",
"9Base-RHACM-2.11:rhacm2/lighthouse-coredns-rhel9@sha256:a9a3362d6c38199e9f47cabd5312172c730d6dbb3dc77411e84f73f678f9e11c_arm64",
"9Base-RHACM-2.11:rhacm2/lighthouse-coredns-rhel9@sha256:b1157095405425a89f0770c4606b2264cc0977478f5d6c8bcac90b258cf34319_amd64",
"9Base-RHACM-2.11:rhacm2/nettest-rhel9@sha256:6fed967d33a82ba77ce511e94757d1ab0722b294b1ac0d330a2e696ab83c254d_arm64",
"9Base-RHACM-2.11:rhacm2/nettest-rhel9@sha256:a92ff7caadaccbc6615732b3272432f844dcb76a0a223a0c9236c03529d2c0ad_s390x",
"9Base-RHACM-2.11:rhacm2/nettest-rhel9@sha256:d2ac2f84cf3a837ac41e66b038e5507e6e37a1324538a4effb110ad46ca2039c_amd64",
"9Base-RHACM-2.11:rhacm2/nettest-rhel9@sha256:e079724ccb4133e5e02b0293565b86393d3b57de27af764325f32993869925f0_ppc64le",
"9Base-RHACM-2.11:rhacm2/subctl-rhel9@sha256:250b747603a5aa01e340f814128025b2e4ad2ead6ac78162ad2b82818524008c_arm64",
"9Base-RHACM-2.11:rhacm2/subctl-rhel9@sha256:483328322fbb1f71c177caa1e49d73990611ef4be20c9ab622cdff7c5b6de22c_amd64",
"9Base-RHACM-2.11:rhacm2/subctl-rhel9@sha256:573fab5792cd711092fdf8d78a8ca099c73d5c0faa3f6bac3e496cca79700f36_s390x",
"9Base-RHACM-2.11:rhacm2/subctl-rhel9@sha256:5f85394f5e5dc77ef25a5aaef89f60446af4ddee70b3d5b8a3362a2ec33709ec_ppc64le",
"9Base-RHACM-2.11:rhacm2/submariner-gateway-rhel9@sha256:254324f36616804d2a4d499c375a571ed832371e4860e102a1e3daf3b3287879_arm64",
"9Base-RHACM-2.11:rhacm2/submariner-gateway-rhel9@sha256:256bbbe96815b89b4bab2fc703b1995891dbcbdc8ba16311d5fabb8345532fb4_s390x",
"9Base-RHACM-2.11:rhacm2/submariner-gateway-rhel9@sha256:38d03c6e1d071296262a0acca11db176e57bc217245cd38aa90849711abd77cf_ppc64le",
"9Base-RHACM-2.11:rhacm2/submariner-gateway-rhel9@sha256:f01cd372e854a9d7d20bc7dc5d9566e641f077e703a6b1c10791bf06c3f6e570_amd64",
"9Base-RHACM-2.11:rhacm2/submariner-globalnet-rhel9@sha256:0cab58d91ef7404efe8f8a2a6390272671f3a67f0b6b96eb595410afc1a1dfe3_ppc64le",
"9Base-RHACM-2.11:rhacm2/submariner-globalnet-rhel9@sha256:20e77c802b814afefac6355f1c3ac6eea59a5ecd211b29e81f2246ff21c29f3e_s390x",
"9Base-RHACM-2.11:rhacm2/submariner-globalnet-rhel9@sha256:9f71c6115da60903c445489992c89ea00975ca8f1cab22b3c6883ed2f4c4e21b_amd64",
"9Base-RHACM-2.11:rhacm2/submariner-globalnet-rhel9@sha256:fceb75dc5a24a0c84c9aa5725c104c6bf19cad85797887e1e3c5bae4ae6455fb_arm64",
"9Base-RHACM-2.11:rhacm2/submariner-operator-bundle@sha256:1d0356b14dafb2f78ea0ef35e19ffeb9db9af2f57a7d8c4d838b7627f4976d70_arm64",
"9Base-RHACM-2.11:rhacm2/submariner-operator-bundle@sha256:7ded07e5ee28d2066021c95dcc95887d05451e58ca0f99bceab8c46757c69d9c_amd64",
"9Base-RHACM-2.11:rhacm2/submariner-operator-bundle@sha256:be6158b9d13531aeb0702fcdafa3772cd2c5fe355bf9e63deffa1a930c54b880_s390x",
"9Base-RHACM-2.11:rhacm2/submariner-operator-bundle@sha256:f036ed02304931ff125dee0ee6c62b268fe39aa42879e539165d3b338cd9bcc0_ppc64le",
"9Base-RHACM-2.11:rhacm2/submariner-rhel9-operator@sha256:257966e4010330f7b26353c3c2d088c2af85f1d7f6558fb53e2cc15b3ae711c3_arm64",
"9Base-RHACM-2.11:rhacm2/submariner-rhel9-operator@sha256:360d98ceda85d212823b35edca01e63cb0c04cb8a56463475f595de62cb19534_s390x",
"9Base-RHACM-2.11:rhacm2/submariner-rhel9-operator@sha256:48eb7721d75ae8115e2e328c64fe69270498533faa02178a63c8fc4cb4e060e4_amd64",
"9Base-RHACM-2.11:rhacm2/submariner-rhel9-operator@sha256:79286b0f95c8cc2de367528b07f22bca20fdb74d1c0f6add87d6bd24216814ab_ppc64le",
"9Base-RHACM-2.11:rhacm2/submariner-route-agent-rhel9@sha256:04e200e40f8d5e3fb893455742983f64447dd96824e852f3bae891819c09d5ec_amd64",
"9Base-RHACM-2.11:rhacm2/submariner-route-agent-rhel9@sha256:2039a3be8c20748aa882a90355294714914f2e4fa117aefd5157b6d0a4925ed8_ppc64le",
"9Base-RHACM-2.11:rhacm2/submariner-route-agent-rhel9@sha256:ed6ef9312bf27127e3d2869c51e58d12d7eb47efab8cb67fa95d16927adc9a24_arm64",
"9Base-RHACM-2.11:rhacm2/submariner-route-agent-rhel9@sha256:f36ae578edbd6bc4c0d4a186a5b4df67657e34ce8f7773cf51e9eea3f8519280_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
}
]
}
RHSA-2025:0385
Vulnerability from csaf_redhat - Published: 2025-01-16 18:08 - Updated: 2026-06-02 21:38
CVE-2024-45337: A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHACM-2.12:rhacm2/volsync-operator-bundle@sha256:b1eb7e31f2a3e3371231223e01f4d06b609340b2403b53491c7a19c6d482609a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:5b093fc18988671085c78478167fb45b7d2fca1a0ae56860dae6dfe05ea61ee7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:65c8d7313d6dd1d6a61cbba457639bbce9e5f3adea53c6c17ad939d72a875d34_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:67d36bc0e9fa06e9a9fa039d06c895e67813a4e6be9c034410766296196870e0_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:9a882ab03dedd84c31280b22811e4642989cc6a96820a3a003f091a50462dfa0_amd64 | — |
Vendor Fix
fix
Workaround
|
CVE-2024-45338: A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHACM-2.12:rhacm2/volsync-operator-bundle@sha256:b1eb7e31f2a3e3371231223e01f4d06b609340b2403b53491c7a19c6d482609a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:5b093fc18988671085c78478167fb45b7d2fca1a0ae56860dae6dfe05ea61ee7_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:65c8d7313d6dd1d6a61cbba457639bbce9e5f3adea53c6c17ad939d72a875d34_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:67d36bc0e9fa06e9a9fa039d06c895e67813a4e6be9c034410766296196870e0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:9a882ab03dedd84c31280b22811e4642989cc6a96820a3a003f091a50462dfa0_amd64 | — |
Vendor Fix
fix
|
CVE-2024-53259: A vulnerability was found in Quic-Go where an attacker can inject malicious data into network packets, potentially allowing them to cause harm. The issue arises from a configuration option used by some affected versions of the code that sends out information about packet size limitations. As a result, when Quic-Go attempts to send a packet larger than it claims to be able to handle, the operating system will reject it due to a "message too large" error.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHACM-2.12:rhacm2/volsync-operator-bundle@sha256:b1eb7e31f2a3e3371231223e01f4d06b609340b2403b53491c7a19c6d482609a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:5b093fc18988671085c78478167fb45b7d2fca1a0ae56860dae6dfe05ea61ee7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:65c8d7313d6dd1d6a61cbba457639bbce9e5f3adea53c6c17ad939d72a875d34_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:67d36bc0e9fa06e9a9fa039d06c895e67813a4e6be9c034410766296196870e0_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:9a882ab03dedd84c31280b22811e4642989cc6a96820a3a003f091a50462dfa0_amd64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "VolSync v0.11.1 general availability release images, which provide\nenhancements, security fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "VolSync v0.11.1 is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters. After deploying\nthe VolSync operator, it can create and maintain copies of your persistent\ndata.\n\nFor more information about VolSync, see:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.10/html/business_continuity/business-cont-overview#volsync\n\nor the VolSync open source community website at:\nhttps://volsync.readthedocs.io/en/stable/.\n\nThis advisory contains enhancements and updates to the VolSync\ncontainer images.\n\nSecurity fix(es):\n\n* quic-go: quic-go affected by an ICMP Packet Too Large Injection Attack on Linux (CVE-2024-53259) \n* golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause\nauthorization bypass in golang.org/x/crypto (CVE-2024-45337)\n* golang.org/x/net/html: Non-linear parsing of case-insensitive content in\ngolang.org/x/net/html (CVE-2024-45338)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:0385",
"url": "https://access.redhat.com/errata/RHSA-2025:0385"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2329991",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329991"
},
{
"category": "external",
"summary": "2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "ACM-16525",
"url": "https://issues.redhat.com/browse/ACM-16525"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_0385.json"
}
],
"title": "Red Hat Security Advisory: VolSync 0.11.1 for RHEL 9",
"tracking": {
"current_release_date": "2026-06-02T21:38:25+00:00",
"generator": {
"date": "2026-06-02T21:38:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:0385",
"initial_release_date": "2025-01-16T18:08:53+00:00",
"revision_history": [
{
"date": "2025-01-16T18:08:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-01-16T18:08:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T21:38:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9",
"product": {
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9",
"product_id": "9Base-RHACM-2.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:acm:2.12::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat ACM"
},
{
"branches": [
{
"category": "product_version",
"name": "rhacm2/volsync-rhel9@sha256:67d36bc0e9fa06e9a9fa039d06c895e67813a4e6be9c034410766296196870e0_s390x",
"product": {
"name": "rhacm2/volsync-rhel9@sha256:67d36bc0e9fa06e9a9fa039d06c895e67813a4e6be9c034410766296196870e0_s390x",
"product_id": "rhacm2/volsync-rhel9@sha256:67d36bc0e9fa06e9a9fa039d06c895e67813a4e6be9c034410766296196870e0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/volsync-rhel9@sha256:67d36bc0e9fa06e9a9fa039d06c895e67813a4e6be9c034410766296196870e0?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/volsync-rhel9\u0026tag=v0.11.1-2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhacm2/volsync-rhel9@sha256:9a882ab03dedd84c31280b22811e4642989cc6a96820a3a003f091a50462dfa0_amd64",
"product": {
"name": "rhacm2/volsync-rhel9@sha256:9a882ab03dedd84c31280b22811e4642989cc6a96820a3a003f091a50462dfa0_amd64",
"product_id": "rhacm2/volsync-rhel9@sha256:9a882ab03dedd84c31280b22811e4642989cc6a96820a3a003f091a50462dfa0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/volsync-rhel9@sha256:9a882ab03dedd84c31280b22811e4642989cc6a96820a3a003f091a50462dfa0?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/volsync-rhel9\u0026tag=v0.11.1-2"
}
}
},
{
"category": "product_version",
"name": "rhacm2/volsync-operator-bundle@sha256:b1eb7e31f2a3e3371231223e01f4d06b609340b2403b53491c7a19c6d482609a_amd64",
"product": {
"name": "rhacm2/volsync-operator-bundle@sha256:b1eb7e31f2a3e3371231223e01f4d06b609340b2403b53491c7a19c6d482609a_amd64",
"product_id": "rhacm2/volsync-operator-bundle@sha256:b1eb7e31f2a3e3371231223e01f4d06b609340b2403b53491c7a19c6d482609a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/volsync-operator-bundle@sha256:b1eb7e31f2a3e3371231223e01f4d06b609340b2403b53491c7a19c6d482609a?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/volsync-operator-bundle\u0026tag=v0.11.1-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhacm2/volsync-rhel9@sha256:65c8d7313d6dd1d6a61cbba457639bbce9e5f3adea53c6c17ad939d72a875d34_ppc64le",
"product": {
"name": "rhacm2/volsync-rhel9@sha256:65c8d7313d6dd1d6a61cbba457639bbce9e5f3adea53c6c17ad939d72a875d34_ppc64le",
"product_id": "rhacm2/volsync-rhel9@sha256:65c8d7313d6dd1d6a61cbba457639bbce9e5f3adea53c6c17ad939d72a875d34_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/volsync-rhel9@sha256:65c8d7313d6dd1d6a61cbba457639bbce9e5f3adea53c6c17ad939d72a875d34?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/volsync-rhel9\u0026tag=v0.11.1-2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhacm2/volsync-rhel9@sha256:5b093fc18988671085c78478167fb45b7d2fca1a0ae56860dae6dfe05ea61ee7_arm64",
"product": {
"name": "rhacm2/volsync-rhel9@sha256:5b093fc18988671085c78478167fb45b7d2fca1a0ae56860dae6dfe05ea61ee7_arm64",
"product_id": "rhacm2/volsync-rhel9@sha256:5b093fc18988671085c78478167fb45b7d2fca1a0ae56860dae6dfe05ea61ee7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/volsync-rhel9@sha256:5b093fc18988671085c78478167fb45b7d2fca1a0ae56860dae6dfe05ea61ee7?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/volsync-rhel9\u0026tag=v0.11.1-2"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/volsync-operator-bundle@sha256:b1eb7e31f2a3e3371231223e01f4d06b609340b2403b53491c7a19c6d482609a_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9",
"product_id": "9Base-RHACM-2.12:rhacm2/volsync-operator-bundle@sha256:b1eb7e31f2a3e3371231223e01f4d06b609340b2403b53491c7a19c6d482609a_amd64"
},
"product_reference": "rhacm2/volsync-operator-bundle@sha256:b1eb7e31f2a3e3371231223e01f4d06b609340b2403b53491c7a19c6d482609a_amd64",
"relates_to_product_reference": "9Base-RHACM-2.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/volsync-rhel9@sha256:5b093fc18988671085c78478167fb45b7d2fca1a0ae56860dae6dfe05ea61ee7_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9",
"product_id": "9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:5b093fc18988671085c78478167fb45b7d2fca1a0ae56860dae6dfe05ea61ee7_arm64"
},
"product_reference": "rhacm2/volsync-rhel9@sha256:5b093fc18988671085c78478167fb45b7d2fca1a0ae56860dae6dfe05ea61ee7_arm64",
"relates_to_product_reference": "9Base-RHACM-2.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/volsync-rhel9@sha256:65c8d7313d6dd1d6a61cbba457639bbce9e5f3adea53c6c17ad939d72a875d34_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9",
"product_id": "9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:65c8d7313d6dd1d6a61cbba457639bbce9e5f3adea53c6c17ad939d72a875d34_ppc64le"
},
"product_reference": "rhacm2/volsync-rhel9@sha256:65c8d7313d6dd1d6a61cbba457639bbce9e5f3adea53c6c17ad939d72a875d34_ppc64le",
"relates_to_product_reference": "9Base-RHACM-2.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/volsync-rhel9@sha256:67d36bc0e9fa06e9a9fa039d06c895e67813a4e6be9c034410766296196870e0_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9",
"product_id": "9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:67d36bc0e9fa06e9a9fa039d06c895e67813a4e6be9c034410766296196870e0_s390x"
},
"product_reference": "rhacm2/volsync-rhel9@sha256:67d36bc0e9fa06e9a9fa039d06c895e67813a4e6be9c034410766296196870e0_s390x",
"relates_to_product_reference": "9Base-RHACM-2.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/volsync-rhel9@sha256:9a882ab03dedd84c31280b22811e4642989cc6a96820a3a003f091a50462dfa0_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9",
"product_id": "9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:9a882ab03dedd84c31280b22811e4642989cc6a96820a3a003f091a50462dfa0_amd64"
},
"product_reference": "rhacm2/volsync-rhel9@sha256:9a882ab03dedd84c31280b22811e4642989cc6a96820a3a003f091a50462dfa0_amd64",
"relates_to_product_reference": "9Base-RHACM-2.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHACM-2.12:rhacm2/volsync-operator-bundle@sha256:b1eb7e31f2a3e3371231223e01f4d06b609340b2403b53491c7a19c6d482609a_amd64",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:5b093fc18988671085c78478167fb45b7d2fca1a0ae56860dae6dfe05ea61ee7_arm64",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:65c8d7313d6dd1d6a61cbba457639bbce9e5f3adea53c6c17ad939d72a875d34_ppc64le",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:67d36bc0e9fa06e9a9fa039d06c895e67813a4e6be9c034410766296196870e0_s390x",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:9a882ab03dedd84c31280b22811e4642989cc6a96820a3a003f091a50462dfa0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-16T18:08:53+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/business_continuity/business-cont-overview#volsync",
"product_ids": [
"9Base-RHACM-2.12:rhacm2/volsync-operator-bundle@sha256:b1eb7e31f2a3e3371231223e01f4d06b609340b2403b53491c7a19c6d482609a_amd64",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:5b093fc18988671085c78478167fb45b7d2fca1a0ae56860dae6dfe05ea61ee7_arm64",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:65c8d7313d6dd1d6a61cbba457639bbce9e5f3adea53c6c17ad939d72a875d34_ppc64le",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:67d36bc0e9fa06e9a9fa039d06c895e67813a4e6be9c034410766296196870e0_s390x",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:9a882ab03dedd84c31280b22811e4642989cc6a96820a3a003f091a50462dfa0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHACM-2.12:rhacm2/volsync-operator-bundle@sha256:b1eb7e31f2a3e3371231223e01f4d06b609340b2403b53491c7a19c6d482609a_amd64",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:5b093fc18988671085c78478167fb45b7d2fca1a0ae56860dae6dfe05ea61ee7_arm64",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:65c8d7313d6dd1d6a61cbba457639bbce9e5f3adea53c6c17ad939d72a875d34_ppc64le",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:67d36bc0e9fa06e9a9fa039d06c895e67813a4e6be9c034410766296196870e0_s390x",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:9a882ab03dedd84c31280b22811e4642989cc6a96820a3a003f091a50462dfa0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHACM-2.12:rhacm2/volsync-operator-bundle@sha256:b1eb7e31f2a3e3371231223e01f4d06b609340b2403b53491c7a19c6d482609a_amd64",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:5b093fc18988671085c78478167fb45b7d2fca1a0ae56860dae6dfe05ea61ee7_arm64",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:65c8d7313d6dd1d6a61cbba457639bbce9e5f3adea53c6c17ad939d72a875d34_ppc64le",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:67d36bc0e9fa06e9a9fa039d06c895e67813a4e6be9c034410766296196870e0_s390x",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:9a882ab03dedd84c31280b22811e4642989cc6a96820a3a003f091a50462dfa0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHACM-2.12:rhacm2/volsync-operator-bundle@sha256:b1eb7e31f2a3e3371231223e01f4d06b609340b2403b53491c7a19c6d482609a_amd64",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:5b093fc18988671085c78478167fb45b7d2fca1a0ae56860dae6dfe05ea61ee7_arm64",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:65c8d7313d6dd1d6a61cbba457639bbce9e5f3adea53c6c17ad939d72a875d34_ppc64le",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:67d36bc0e9fa06e9a9fa039d06c895e67813a4e6be9c034410766296196870e0_s390x",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:9a882ab03dedd84c31280b22811e4642989cc6a96820a3a003f091a50462dfa0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-16T18:08:53+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/business_continuity/business-cont-overview#volsync",
"product_ids": [
"9Base-RHACM-2.12:rhacm2/volsync-operator-bundle@sha256:b1eb7e31f2a3e3371231223e01f4d06b609340b2403b53491c7a19c6d482609a_amd64",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:5b093fc18988671085c78478167fb45b7d2fca1a0ae56860dae6dfe05ea61ee7_arm64",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:65c8d7313d6dd1d6a61cbba457639bbce9e5f3adea53c6c17ad939d72a875d34_ppc64le",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:67d36bc0e9fa06e9a9fa039d06c895e67813a4e6be9c034410766296196870e0_s390x",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:9a882ab03dedd84c31280b22811e4642989cc6a96820a3a003f091a50462dfa0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHACM-2.12:rhacm2/volsync-operator-bundle@sha256:b1eb7e31f2a3e3371231223e01f4d06b609340b2403b53491c7a19c6d482609a_amd64",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:5b093fc18988671085c78478167fb45b7d2fca1a0ae56860dae6dfe05ea61ee7_arm64",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:65c8d7313d6dd1d6a61cbba457639bbce9e5f3adea53c6c17ad939d72a875d34_ppc64le",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:67d36bc0e9fa06e9a9fa039d06c895e67813a4e6be9c034410766296196870e0_s390x",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:9a882ab03dedd84c31280b22811e4642989cc6a96820a3a003f091a50462dfa0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2024-53259",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"discovery_date": "2024-12-02T17:01:10.568793+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2329991"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Quic-Go where an attacker can inject malicious data into network packets, potentially allowing them to cause harm. The issue arises from a configuration option used by some affected versions of the code that sends out information about packet size limitations. As a result, when Quic-Go attempts to send a packet larger than it claims to be able to handle, the operating system will reject it due to a \"message too large\" error.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "quic-go: quic-go affected by an ICMP Packet Too Large Injection Attack on Linux",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHACM-2.12:rhacm2/volsync-operator-bundle@sha256:b1eb7e31f2a3e3371231223e01f4d06b609340b2403b53491c7a19c6d482609a_amd64",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:5b093fc18988671085c78478167fb45b7d2fca1a0ae56860dae6dfe05ea61ee7_arm64",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:65c8d7313d6dd1d6a61cbba457639bbce9e5f3adea53c6c17ad939d72a875d34_ppc64le",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:67d36bc0e9fa06e9a9fa039d06c895e67813a4e6be9c034410766296196870e0_s390x",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:9a882ab03dedd84c31280b22811e4642989cc6a96820a3a003f091a50462dfa0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-53259"
},
{
"category": "external",
"summary": "RHBZ#2329991",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329991"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-53259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53259"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-53259",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53259"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go/commit/ca31dd355cbe5fc6c5807992d9d1149c66c96a50",
"url": "https://github.com/quic-go/quic-go/commit/ca31dd355cbe5fc6c5807992d9d1149c66c96a50"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go/pull/4729",
"url": "https://github.com/quic-go/quic-go/pull/4729"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go/releases/tag/v0.48.2",
"url": "https://github.com/quic-go/quic-go/releases/tag/v0.48.2"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go/security/advisories/GHSA-px8v-pp82-rcvr",
"url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-px8v-pp82-rcvr"
}
],
"release_date": "2024-12-02T16:12:40.605000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-16T18:08:53+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/business_continuity/business-cont-overview#volsync",
"product_ids": [
"9Base-RHACM-2.12:rhacm2/volsync-operator-bundle@sha256:b1eb7e31f2a3e3371231223e01f4d06b609340b2403b53491c7a19c6d482609a_amd64",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:5b093fc18988671085c78478167fb45b7d2fca1a0ae56860dae6dfe05ea61ee7_arm64",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:65c8d7313d6dd1d6a61cbba457639bbce9e5f3adea53c6c17ad939d72a875d34_ppc64le",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:67d36bc0e9fa06e9a9fa039d06c895e67813a4e6be9c034410766296196870e0_s390x",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:9a882ab03dedd84c31280b22811e4642989cc6a96820a3a003f091a50462dfa0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0385"
},
{
"category": "workaround",
"details": "Use iptables to drop ICMP unreachable packets.",
"product_ids": [
"9Base-RHACM-2.12:rhacm2/volsync-operator-bundle@sha256:b1eb7e31f2a3e3371231223e01f4d06b609340b2403b53491c7a19c6d482609a_amd64",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:5b093fc18988671085c78478167fb45b7d2fca1a0ae56860dae6dfe05ea61ee7_arm64",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:65c8d7313d6dd1d6a61cbba457639bbce9e5f3adea53c6c17ad939d72a875d34_ppc64le",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:67d36bc0e9fa06e9a9fa039d06c895e67813a4e6be9c034410766296196870e0_s390x",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:9a882ab03dedd84c31280b22811e4642989cc6a96820a3a003f091a50462dfa0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHACM-2.12:rhacm2/volsync-operator-bundle@sha256:b1eb7e31f2a3e3371231223e01f4d06b609340b2403b53491c7a19c6d482609a_amd64",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:5b093fc18988671085c78478167fb45b7d2fca1a0ae56860dae6dfe05ea61ee7_arm64",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:65c8d7313d6dd1d6a61cbba457639bbce9e5f3adea53c6c17ad939d72a875d34_ppc64le",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:67d36bc0e9fa06e9a9fa039d06c895e67813a4e6be9c034410766296196870e0_s390x",
"9Base-RHACM-2.12:rhacm2/volsync-rhel9@sha256:9a882ab03dedd84c31280b22811e4642989cc6a96820a3a003f091a50462dfa0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "quic-go: quic-go affected by an ICMP Packet Too Large Injection Attack on Linux"
}
]
}
RHSA-2025:0386
Vulnerability from csaf_redhat - Published: 2025-01-16 18:36 - Updated: 2026-06-02 21:38

A flaw was found in the x/crypto/ssh Go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/volsync-operator-bundle@sha256:1cec6197368b7d5a9712b89786d2b17185081a53ade8a693557da580686007bc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:1cb132539aa8a0ecb5bf395db48306adcb0ec66deec5c257f54c223b721a65bc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:6a041d90d24a4463ee7bc08148ec8c1e811c1b02d9028d66e54ba8be479ae13b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:86e1cc2f2abbcf13e1a104b1d985c8d7685a6c66fb6f2770bb38da165a597848_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:c619a9bde6e0afce2dde87fcbc27148dc9ccf83f522662499e0031315a731ce3_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/volsync-operator-bundle@sha256:1cec6197368b7d5a9712b89786d2b17185081a53ade8a693557da580686007bc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:1cb132539aa8a0ecb5bf395db48306adcb0ec66deec5c257f54c223b721a65bc_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:6a041d90d24a4463ee7bc08148ec8c1e811c1b02d9028d66e54ba8be479ae13b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:86e1cc2f2abbcf13e1a104b1d985c8d7685a6c66fb6f2770bb38da165a597848_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:c619a9bde6e0afce2dde87fcbc27148dc9ccf83f522662499e0031315a731ce3_amd64 | — |
Vendor Fix
fix
|
A vulnerability was found in Quic-Go where an attacker can inject malicious data into network packets, potentially allowing them to cause harm. The issue arises from a configuration option used by some affected versions of the code that sends out information about packet size limitations. As a result, when Quic-Go attempts to send a packet larger than it claims to be able to handle, the operating system will reject it due to a "message too large" error.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/volsync-operator-bundle@sha256:1cec6197368b7d5a9712b89786d2b17185081a53ade8a693557da580686007bc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:1cb132539aa8a0ecb5bf395db48306adcb0ec66deec5c257f54c223b721a65bc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:6a041d90d24a4463ee7bc08148ec8c1e811c1b02d9028d66e54ba8be479ae13b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:86e1cc2f2abbcf13e1a104b1d985c8d7685a6c66fb6f2770bb38da165a597848_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:c619a9bde6e0afce2dde87fcbc27148dc9ccf83f522662499e0031315a731ce3_amd64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "VolSync v0.10.2 general availability release images, which provide\nenhancements, security fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "VolSync v0.10.2 VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters. After deploying the VolSync operator, it can create and maintain copies of your persistent data.\n\nFor more information about VolSync, see:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/business_continuity/business-cont-overview#volsync\n\nor the VolSync open source community website at:\nhttps://volsync.readthedocs.io/en/stable/.\n\nThis advisory contains enhancements and updates to the VolSync\ncontainer images.\n\nSecurity fix(es):\n\n* quic-go: quic-go affected by an ICMP Packet Too Large Injection Attack on Linux (CVE-2024-53259) \n* golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause\nauthorization bypass in golang.org/x/crypto (CVE-2024-45337)\n* golang.org/x/net/html: Non-linear parsing of case-insensitive content in\ngolang.org/x/net/html (CVE-2024-45338)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:0386",
"url": "https://access.redhat.com/errata/RHSA-2025:0386"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2329991",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329991"
},
{
"category": "external",
"summary": "2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "ACM-16523",
"url": "https://issues.redhat.com/browse/ACM-16523"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_0386.json"
}
],
"title": "Red Hat Security Advisory: VolSync 0.10.2 for RHEL 9",
"tracking": {
"current_release_date": "2026-06-02T21:38:31+00:00",
"generator": {
"date": "2026-06-02T21:38:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:0386",
"initial_release_date": "2025-01-16T18:36:58+00:00",
"revision_history": [
{
"date": "2025-01-16T18:36:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-01-16T18:36:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T21:38:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product": {
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:acm:2.11::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat ACM"
},
{
"branches": [
{
"category": "product_version",
"name": "rhacm2/volsync-rhel9@sha256:c619a9bde6e0afce2dde87fcbc27148dc9ccf83f522662499e0031315a731ce3_amd64",
"product": {
"name": "rhacm2/volsync-rhel9@sha256:c619a9bde6e0afce2dde87fcbc27148dc9ccf83f522662499e0031315a731ce3_amd64",
"product_id": "rhacm2/volsync-rhel9@sha256:c619a9bde6e0afce2dde87fcbc27148dc9ccf83f522662499e0031315a731ce3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/volsync-rhel9@sha256:c619a9bde6e0afce2dde87fcbc27148dc9ccf83f522662499e0031315a731ce3?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/volsync-rhel9\u0026tag=v0.10.2-2"
}
}
},
{
"category": "product_version",
"name": "rhacm2/volsync-operator-bundle@sha256:1cec6197368b7d5a9712b89786d2b17185081a53ade8a693557da580686007bc_amd64",
"product": {
"name": "rhacm2/volsync-operator-bundle@sha256:1cec6197368b7d5a9712b89786d2b17185081a53ade8a693557da580686007bc_amd64",
"product_id": "rhacm2/volsync-operator-bundle@sha256:1cec6197368b7d5a9712b89786d2b17185081a53ade8a693557da580686007bc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/volsync-operator-bundle@sha256:1cec6197368b7d5a9712b89786d2b17185081a53ade8a693557da580686007bc?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/volsync-operator-bundle\u0026tag=v0.10.2-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhacm2/volsync-rhel9@sha256:6a041d90d24a4463ee7bc08148ec8c1e811c1b02d9028d66e54ba8be479ae13b_ppc64le",
"product": {
"name": "rhacm2/volsync-rhel9@sha256:6a041d90d24a4463ee7bc08148ec8c1e811c1b02d9028d66e54ba8be479ae13b_ppc64le",
"product_id": "rhacm2/volsync-rhel9@sha256:6a041d90d24a4463ee7bc08148ec8c1e811c1b02d9028d66e54ba8be479ae13b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/volsync-rhel9@sha256:6a041d90d24a4463ee7bc08148ec8c1e811c1b02d9028d66e54ba8be479ae13b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/volsync-rhel9\u0026tag=v0.10.2-2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhacm2/volsync-rhel9@sha256:1cb132539aa8a0ecb5bf395db48306adcb0ec66deec5c257f54c223b721a65bc_arm64",
"product": {
"name": "rhacm2/volsync-rhel9@sha256:1cb132539aa8a0ecb5bf395db48306adcb0ec66deec5c257f54c223b721a65bc_arm64",
"product_id": "rhacm2/volsync-rhel9@sha256:1cb132539aa8a0ecb5bf395db48306adcb0ec66deec5c257f54c223b721a65bc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/volsync-rhel9@sha256:1cb132539aa8a0ecb5bf395db48306adcb0ec66deec5c257f54c223b721a65bc?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/volsync-rhel9\u0026tag=v0.10.2-2"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhacm2/volsync-rhel9@sha256:86e1cc2f2abbcf13e1a104b1d985c8d7685a6c66fb6f2770bb38da165a597848_s390x",
"product": {
"name": "rhacm2/volsync-rhel9@sha256:86e1cc2f2abbcf13e1a104b1d985c8d7685a6c66fb6f2770bb38da165a597848_s390x",
"product_id": "rhacm2/volsync-rhel9@sha256:86e1cc2f2abbcf13e1a104b1d985c8d7685a6c66fb6f2770bb38da165a597848_s390x",
"product_identification_helper": {
"purl": "pkg:oci/volsync-rhel9@sha256:86e1cc2f2abbcf13e1a104b1d985c8d7685a6c66fb6f2770bb38da165a597848?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/volsync-rhel9\u0026tag=v0.10.2-2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/volsync-operator-bundle@sha256:1cec6197368b7d5a9712b89786d2b17185081a53ade8a693557da580686007bc_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/volsync-operator-bundle@sha256:1cec6197368b7d5a9712b89786d2b17185081a53ade8a693557da580686007bc_amd64"
},
"product_reference": "rhacm2/volsync-operator-bundle@sha256:1cec6197368b7d5a9712b89786d2b17185081a53ade8a693557da580686007bc_amd64",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/volsync-rhel9@sha256:1cb132539aa8a0ecb5bf395db48306adcb0ec66deec5c257f54c223b721a65bc_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:1cb132539aa8a0ecb5bf395db48306adcb0ec66deec5c257f54c223b721a65bc_arm64"
},
"product_reference": "rhacm2/volsync-rhel9@sha256:1cb132539aa8a0ecb5bf395db48306adcb0ec66deec5c257f54c223b721a65bc_arm64",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/volsync-rhel9@sha256:6a041d90d24a4463ee7bc08148ec8c1e811c1b02d9028d66e54ba8be479ae13b_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:6a041d90d24a4463ee7bc08148ec8c1e811c1b02d9028d66e54ba8be479ae13b_ppc64le"
},
"product_reference": "rhacm2/volsync-rhel9@sha256:6a041d90d24a4463ee7bc08148ec8c1e811c1b02d9028d66e54ba8be479ae13b_ppc64le",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/volsync-rhel9@sha256:86e1cc2f2abbcf13e1a104b1d985c8d7685a6c66fb6f2770bb38da165a597848_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:86e1cc2f2abbcf13e1a104b1d985c8d7685a6c66fb6f2770bb38da165a597848_s390x"
},
"product_reference": "rhacm2/volsync-rhel9@sha256:86e1cc2f2abbcf13e1a104b1d985c8d7685a6c66fb6f2770bb38da165a597848_s390x",
"relates_to_product_reference": "9Base-RHACM-2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/volsync-rhel9@sha256:c619a9bde6e0afce2dde87fcbc27148dc9ccf83f522662499e0031315a731ce3_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9",
"product_id": "9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:c619a9bde6e0afce2dde87fcbc27148dc9ccf83f522662499e0031315a731ce3_amd64"
},
"product_reference": "rhacm2/volsync-rhel9@sha256:c619a9bde6e0afce2dde87fcbc27148dc9ccf83f522662499e0031315a731ce3_amd64",
"relates_to_product_reference": "9Base-RHACM-2.11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHACM-2.11:rhacm2/volsync-operator-bundle@sha256:1cec6197368b7d5a9712b89786d2b17185081a53ade8a693557da580686007bc_amd64",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:1cb132539aa8a0ecb5bf395db48306adcb0ec66deec5c257f54c223b721a65bc_arm64",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:6a041d90d24a4463ee7bc08148ec8c1e811c1b02d9028d66e54ba8be479ae13b_ppc64le",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:86e1cc2f2abbcf13e1a104b1d985c8d7685a6c66fb6f2770bb38da165a597848_s390x",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:c619a9bde6e0afce2dde87fcbc27148dc9ccf83f522662499e0031315a731ce3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-16T18:36:58+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/business_continuity/business-cont-overview#volsync",
"product_ids": [
"9Base-RHACM-2.11:rhacm2/volsync-operator-bundle@sha256:1cec6197368b7d5a9712b89786d2b17185081a53ade8a693557da580686007bc_amd64",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:1cb132539aa8a0ecb5bf395db48306adcb0ec66deec5c257f54c223b721a65bc_arm64",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:6a041d90d24a4463ee7bc08148ec8c1e811c1b02d9028d66e54ba8be479ae13b_ppc64le",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:86e1cc2f2abbcf13e1a104b1d985c8d7685a6c66fb6f2770bb38da165a597848_s390x",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:c619a9bde6e0afce2dde87fcbc27148dc9ccf83f522662499e0031315a731ce3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0386"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHACM-2.11:rhacm2/volsync-operator-bundle@sha256:1cec6197368b7d5a9712b89786d2b17185081a53ade8a693557da580686007bc_amd64",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:1cb132539aa8a0ecb5bf395db48306adcb0ec66deec5c257f54c223b721a65bc_arm64",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:6a041d90d24a4463ee7bc08148ec8c1e811c1b02d9028d66e54ba8be479ae13b_ppc64le",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:86e1cc2f2abbcf13e1a104b1d985c8d7685a6c66fb6f2770bb38da165a597848_s390x",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:c619a9bde6e0afce2dde87fcbc27148dc9ccf83f522662499e0031315a731ce3_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHACM-2.11:rhacm2/volsync-operator-bundle@sha256:1cec6197368b7d5a9712b89786d2b17185081a53ade8a693557da580686007bc_amd64",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:1cb132539aa8a0ecb5bf395db48306adcb0ec66deec5c257f54c223b721a65bc_arm64",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:6a041d90d24a4463ee7bc08148ec8c1e811c1b02d9028d66e54ba8be479ae13b_ppc64le",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:86e1cc2f2abbcf13e1a104b1d985c8d7685a6c66fb6f2770bb38da165a597848_s390x",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:c619a9bde6e0afce2dde87fcbc27148dc9ccf83f522662499e0031315a731ce3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHACM-2.11:rhacm2/volsync-operator-bundle@sha256:1cec6197368b7d5a9712b89786d2b17185081a53ade8a693557da580686007bc_amd64",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:1cb132539aa8a0ecb5bf395db48306adcb0ec66deec5c257f54c223b721a65bc_arm64",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:6a041d90d24a4463ee7bc08148ec8c1e811c1b02d9028d66e54ba8be479ae13b_ppc64le",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:86e1cc2f2abbcf13e1a104b1d985c8d7685a6c66fb6f2770bb38da165a597848_s390x",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:c619a9bde6e0afce2dde87fcbc27148dc9ccf83f522662499e0031315a731ce3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-16T18:36:58+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/business_continuity/business-cont-overview#volsync",
"product_ids": [
"9Base-RHACM-2.11:rhacm2/volsync-operator-bundle@sha256:1cec6197368b7d5a9712b89786d2b17185081a53ade8a693557da580686007bc_amd64",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:1cb132539aa8a0ecb5bf395db48306adcb0ec66deec5c257f54c223b721a65bc_arm64",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:6a041d90d24a4463ee7bc08148ec8c1e811c1b02d9028d66e54ba8be479ae13b_ppc64le",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:86e1cc2f2abbcf13e1a104b1d985c8d7685a6c66fb6f2770bb38da165a597848_s390x",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:c619a9bde6e0afce2dde87fcbc27148dc9ccf83f522662499e0031315a731ce3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0386"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHACM-2.11:rhacm2/volsync-operator-bundle@sha256:1cec6197368b7d5a9712b89786d2b17185081a53ade8a693557da580686007bc_amd64",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:1cb132539aa8a0ecb5bf395db48306adcb0ec66deec5c257f54c223b721a65bc_arm64",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:6a041d90d24a4463ee7bc08148ec8c1e811c1b02d9028d66e54ba8be479ae13b_ppc64le",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:86e1cc2f2abbcf13e1a104b1d985c8d7685a6c66fb6f2770bb38da165a597848_s390x",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:c619a9bde6e0afce2dde87fcbc27148dc9ccf83f522662499e0031315a731ce3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2024-53259",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"discovery_date": "2024-12-02T17:01:10.568793+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2329991"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Quic-Go where an attacker can inject malicious data into network packets, potentially allowing them to cause harm. The issue arises from a configuration option used by some affected versions of the code that sends out information about packet size limitations. As a result, when Quic-Go attempts to send a packet larger than it claims to be able to handle, the operating system will reject it due to a \"message too large\" error.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "quic-go: quic-go affected by an ICMP Packet Too Large Injection Attack on Linux",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHACM-2.11:rhacm2/volsync-operator-bundle@sha256:1cec6197368b7d5a9712b89786d2b17185081a53ade8a693557da580686007bc_amd64",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:1cb132539aa8a0ecb5bf395db48306adcb0ec66deec5c257f54c223b721a65bc_arm64",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:6a041d90d24a4463ee7bc08148ec8c1e811c1b02d9028d66e54ba8be479ae13b_ppc64le",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:86e1cc2f2abbcf13e1a104b1d985c8d7685a6c66fb6f2770bb38da165a597848_s390x",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:c619a9bde6e0afce2dde87fcbc27148dc9ccf83f522662499e0031315a731ce3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-53259"
},
{
"category": "external",
"summary": "RHBZ#2329991",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329991"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-53259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53259"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-53259",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53259"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go/commit/ca31dd355cbe5fc6c5807992d9d1149c66c96a50",
"url": "https://github.com/quic-go/quic-go/commit/ca31dd355cbe5fc6c5807992d9d1149c66c96a50"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go/pull/4729",
"url": "https://github.com/quic-go/quic-go/pull/4729"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go/releases/tag/v0.48.2",
"url": "https://github.com/quic-go/quic-go/releases/tag/v0.48.2"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go/security/advisories/GHSA-px8v-pp82-rcvr",
"url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-px8v-pp82-rcvr"
}
],
"release_date": "2024-12-02T16:12:40.605000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-16T18:36:58+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/business_continuity/business-cont-overview#volsync",
"product_ids": [
"9Base-RHACM-2.11:rhacm2/volsync-operator-bundle@sha256:1cec6197368b7d5a9712b89786d2b17185081a53ade8a693557da580686007bc_amd64",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:1cb132539aa8a0ecb5bf395db48306adcb0ec66deec5c257f54c223b721a65bc_arm64",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:6a041d90d24a4463ee7bc08148ec8c1e811c1b02d9028d66e54ba8be479ae13b_ppc64le",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:86e1cc2f2abbcf13e1a104b1d985c8d7685a6c66fb6f2770bb38da165a597848_s390x",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:c619a9bde6e0afce2dde87fcbc27148dc9ccf83f522662499e0031315a731ce3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0386"
},
{
"category": "workaround",
"details": "Use iptables to drop ICMP unreachable packets.",
"product_ids": [
"9Base-RHACM-2.11:rhacm2/volsync-operator-bundle@sha256:1cec6197368b7d5a9712b89786d2b17185081a53ade8a693557da580686007bc_amd64",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:1cb132539aa8a0ecb5bf395db48306adcb0ec66deec5c257f54c223b721a65bc_arm64",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:6a041d90d24a4463ee7bc08148ec8c1e811c1b02d9028d66e54ba8be479ae13b_ppc64le",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:86e1cc2f2abbcf13e1a104b1d985c8d7685a6c66fb6f2770bb38da165a597848_s390x",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:c619a9bde6e0afce2dde87fcbc27148dc9ccf83f522662499e0031315a731ce3_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHACM-2.11:rhacm2/volsync-operator-bundle@sha256:1cec6197368b7d5a9712b89786d2b17185081a53ade8a693557da580686007bc_amd64",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:1cb132539aa8a0ecb5bf395db48306adcb0ec66deec5c257f54c223b721a65bc_arm64",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:6a041d90d24a4463ee7bc08148ec8c1e811c1b02d9028d66e54ba8be479ae13b_ppc64le",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:86e1cc2f2abbcf13e1a104b1d985c8d7685a6c66fb6f2770bb38da165a597848_s390x",
"9Base-RHACM-2.11:rhacm2/volsync-rhel9@sha256:c619a9bde6e0afce2dde87fcbc27148dc9ccf83f522662499e0031315a731ce3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "quic-go: quic-go affected by an ICMP Packet Too Large Injection Attack on Linux"
}
]
}
RHSA-2025:0390
Vulnerability from csaf_redhat - Published: 2025-01-16 17:44 - Updated: 2026-06-02 21:38

A flaw was found in the x/crypto/ssh Go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:41941d8e405a50f9f0ff5481b2784e06a4bece6fe0d9b615ed321d4153611a71_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:482927e6074e3b9f8fdcbf177223939a136dfa635b94dd3cd7665e81b57fa7b0_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:d0bf641dab7267af415a42d4e64b4d045771530a5b84056853c4fa0660eac99e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:dfb6ee8b24108b93d3f074609d9795b7bd8b27429d9bfdc4652c1d1a9ef94448_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:0564b9ed6f54865bf9a515177a475a7690ed464f04b91806f30001dfe1bc8105_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:2a28795ce0bca193bcccf906e87410cf9ba46dd710c5513222117e2e7142068a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:38c172f30c0df809ae32802159f541425cd193e72be1f859890cdc186047ec12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:40de7eafe0d7a2e9420e847489f1395e6b087b079075a492b86cf11dcca506d5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:42790c7765ede1de392c14b9ca479eb98d0dcebf1cc388f05fde4002ce616328_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:5c5e529da2197a702ae7ab6c344050492ac1df191cdee946657d966c432ca7ea_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:60b46357145a1a6029fb78550d60cfb32c30b451102f7ac2704b3101df35740b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:acdb0ea00979f03a259a7ecabbfeac6ba0eb6d6c3155b9bc420554b010e6085a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:60b1d40da4648166450991cfc8d8b49edce8f8dd0ac7c35611b19c0ee4f6ae09_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:8f1fdd37b61c8fba7354ec101df6f82510e8229080eb0be6fa57c05cda32a5bf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:9c553a6d61fb24e081f3b97793c12ee12f1a49d7b4d965b42948cf5281e70e6e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:c0239adab678964efae74a294356ce25cb5fc360d725ba428455138cea7be903_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:5bb0b143f10c31a2282fa89092791c340ddb0b69cd5f534867257693ba89a310_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:68a2a90a6c4fda1c9fcae7d5b229b7c61bf400c9d440e11a8b7d8b08b886ee5c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:deb0c57d4d62e25e223487dc55c0743c96fc1e99a1115d9fc72499a2571317a3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:f0df0ad1ed07e33899fcda5b03599333fc5d545a22f7031b17e85e12dc983902_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:fd49fd51bd9c033317ca2ea172e6a21c84ccc17b609f9e5543ece39dd5ec8808_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:0f98ca8e4517c489e13203feb36745f5225123c8eaed0bb4517510c9f960dce8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:247dbeba82277966f1ab511d5122929fe18c91fbc2f333ef374d4d86010e5060_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:c4ef5e5ef2869468edd536bc6619f8f742b6941b271568c5c6051ef3fd23afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:d7281f07f9ca7f59d694b6d1c6c5221db081001b3fde57bb11e23cf102fa59a6_arm64 | — |
Workaround
|
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:5bb0b143f10c31a2282fa89092791c340ddb0b69cd5f534867257693ba89a310_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:68a2a90a6c4fda1c9fcae7d5b229b7c61bf400c9d440e11a8b7d8b08b886ee5c_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:deb0c57d4d62e25e223487dc55c0743c96fc1e99a1115d9fc72499a2571317a3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:f0df0ad1ed07e33899fcda5b03599333fc5d545a22f7031b17e85e12dc983902_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:41941d8e405a50f9f0ff5481b2784e06a4bece6fe0d9b615ed321d4153611a71_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:482927e6074e3b9f8fdcbf177223939a136dfa635b94dd3cd7665e81b57fa7b0_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:d0bf641dab7267af415a42d4e64b4d045771530a5b84056853c4fa0660eac99e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:dfb6ee8b24108b93d3f074609d9795b7bd8b27429d9bfdc4652c1d1a9ef94448_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:0564b9ed6f54865bf9a515177a475a7690ed464f04b91806f30001dfe1bc8105_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:2a28795ce0bca193bcccf906e87410cf9ba46dd710c5513222117e2e7142068a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:38c172f30c0df809ae32802159f541425cd193e72be1f859890cdc186047ec12_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:40de7eafe0d7a2e9420e847489f1395e6b087b079075a492b86cf11dcca506d5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:42790c7765ede1de392c14b9ca479eb98d0dcebf1cc388f05fde4002ce616328_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:5c5e529da2197a702ae7ab6c344050492ac1df191cdee946657d966c432ca7ea_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:60b46357145a1a6029fb78550d60cfb32c30b451102f7ac2704b3101df35740b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:acdb0ea00979f03a259a7ecabbfeac6ba0eb6d6c3155b9bc420554b010e6085a_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:0f98ca8e4517c489e13203feb36745f5225123c8eaed0bb4517510c9f960dce8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:247dbeba82277966f1ab511d5122929fe18c91fbc2f333ef374d4d86010e5060_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:c4ef5e5ef2869468edd536bc6619f8f742b6941b271568c5c6051ef3fd23afc4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:d7281f07f9ca7f59d694b6d1c6c5221db081001b3fde57bb11e23cf102fa59a6_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:60b1d40da4648166450991cfc8d8b49edce8f8dd0ac7c35611b19c0ee4f6ae09_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:8f1fdd37b61c8fba7354ec101df6f82510e8229080eb0be6fa57c05cda32a5bf_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:9c553a6d61fb24e081f3b97793c12ee12f1a49d7b4d965b42948cf5281e70e6e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:c0239adab678964efae74a294356ce25cb5fc360d725ba428455138cea7be903_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:fd49fd51bd9c033317ca2ea172e6a21c84ccc17b609f9e5543ece39dd5ec8808_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new version of Red Hat OpenShift distributed tracing platform (Tempo) has been released",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift distributed tracing platform based on Tempo. Tempo is an open-source, easy-to-use, and highly scalable distributed tracing backend. It provides observability for microservices architectures by allowing developers to track requests as they flow through distributed systems. Tempo is optimized to handle large volumes of trace data and is designed to be highly performant even under heavy loads.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:0390",
"url": "https://access.redhat.com/errata/RHSA-2025:0390"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-tempo",
"url": "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-tempo"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_0390.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.4 release",
"tracking": {
"current_release_date": "2026-06-02T21:38:30+00:00",
"generator": {
"date": "2026-06-02T21:38:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:0390",
"initial_release_date": "2025-01-16T17:44:29+00:00",
"revision_history": [
{
"date": "2025-01-16T17:44:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-03-25T20:51:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T21:38:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift distributed tracing 3.4",
"product": {
"name": "Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift distributed tracing"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:fd49fd51bd9c033317ca2ea172e6a21c84ccc17b609f9e5543ece39dd5ec8808_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:fd49fd51bd9c033317ca2ea172e6a21c84ccc17b609f9e5543ece39dd5ec8808_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:fd49fd51bd9c033317ca2ea172e6a21c84ccc17b609f9e5543ece39dd5ec8808_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-operator-bundle@sha256%3Afd49fd51bd9c033317ca2ea172e6a21c84ccc17b609f9e5543ece39dd5ec8808?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:41941d8e405a50f9f0ff5481b2784e06a4bece6fe0d9b615ed321d4153611a71_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:41941d8e405a50f9f0ff5481b2784e06a4bece6fe0d9b615ed321d4153611a71_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:41941d8e405a50f9f0ff5481b2784e06a4bece6fe0d9b615ed321d4153611a71_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel8@sha256%3A41941d8e405a50f9f0ff5481b2784e06a4bece6fe0d9b615ed321d4153611a71?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:0564b9ed6f54865bf9a515177a475a7690ed464f04b91806f30001dfe1bc8105_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:0564b9ed6f54865bf9a515177a475a7690ed464f04b91806f30001dfe1bc8105_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:0564b9ed6f54865bf9a515177a475a7690ed464f04b91806f30001dfe1bc8105_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-jaeger-query-rhel8@sha256%3A0564b9ed6f54865bf9a515177a475a7690ed464f04b91806f30001dfe1bc8105?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:5bb0b143f10c31a2282fa89092791c340ddb0b69cd5f534867257693ba89a310_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:5bb0b143f10c31a2282fa89092791c340ddb0b69cd5f534867257693ba89a310_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:5bb0b143f10c31a2282fa89092791c340ddb0b69cd5f534867257693ba89a310_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel8@sha256%3A5bb0b143f10c31a2282fa89092791c340ddb0b69cd5f534867257693ba89a310?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:0f98ca8e4517c489e13203feb36745f5225123c8eaed0bb4517510c9f960dce8_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:0f98ca8e4517c489e13203feb36745f5225123c8eaed0bb4517510c9f960dce8_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:0f98ca8e4517c489e13203feb36745f5225123c8eaed0bb4517510c9f960dce8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8-operator@sha256%3A0f98ca8e4517c489e13203feb36745f5225123c8eaed0bb4517510c9f960dce8?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:5c5e529da2197a702ae7ab6c344050492ac1df191cdee946657d966c432ca7ea_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:5c5e529da2197a702ae7ab6c344050492ac1df191cdee946657d966c432ca7ea_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:5c5e529da2197a702ae7ab6c344050492ac1df191cdee946657d966c432ca7ea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel8@sha256%3A5c5e529da2197a702ae7ab6c344050492ac1df191cdee946657d966c432ca7ea?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:60b1d40da4648166450991cfc8d8b49edce8f8dd0ac7c35611b19c0ee4f6ae09_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:60b1d40da4648166450991cfc8d8b49edce8f8dd0ac7c35611b19c0ee4f6ae09_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:60b1d40da4648166450991cfc8d8b49edce8f8dd0ac7c35611b19c0ee4f6ae09_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8@sha256%3A60b1d40da4648166450991cfc8d8b49edce8f8dd0ac7c35611b19c0ee4f6ae09?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:482927e6074e3b9f8fdcbf177223939a136dfa635b94dd3cd7665e81b57fa7b0_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:482927e6074e3b9f8fdcbf177223939a136dfa635b94dd3cd7665e81b57fa7b0_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:482927e6074e3b9f8fdcbf177223939a136dfa635b94dd3cd7665e81b57fa7b0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel8@sha256%3A482927e6074e3b9f8fdcbf177223939a136dfa635b94dd3cd7665e81b57fa7b0?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:38c172f30c0df809ae32802159f541425cd193e72be1f859890cdc186047ec12_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:38c172f30c0df809ae32802159f541425cd193e72be1f859890cdc186047ec12_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:38c172f30c0df809ae32802159f541425cd193e72be1f859890cdc186047ec12_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-jaeger-query-rhel8@sha256%3A38c172f30c0df809ae32802159f541425cd193e72be1f859890cdc186047ec12?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:68a2a90a6c4fda1c9fcae7d5b229b7c61bf400c9d440e11a8b7d8b08b886ee5c_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:68a2a90a6c4fda1c9fcae7d5b229b7c61bf400c9d440e11a8b7d8b08b886ee5c_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:68a2a90a6c4fda1c9fcae7d5b229b7c61bf400c9d440e11a8b7d8b08b886ee5c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel8@sha256%3A68a2a90a6c4fda1c9fcae7d5b229b7c61bf400c9d440e11a8b7d8b08b886ee5c?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:d7281f07f9ca7f59d694b6d1c6c5221db081001b3fde57bb11e23cf102fa59a6_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:d7281f07f9ca7f59d694b6d1c6c5221db081001b3fde57bb11e23cf102fa59a6_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:d7281f07f9ca7f59d694b6d1c6c5221db081001b3fde57bb11e23cf102fa59a6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8-operator@sha256%3Ad7281f07f9ca7f59d694b6d1c6c5221db081001b3fde57bb11e23cf102fa59a6?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:acdb0ea00979f03a259a7ecabbfeac6ba0eb6d6c3155b9bc420554b010e6085a_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:acdb0ea00979f03a259a7ecabbfeac6ba0eb6d6c3155b9bc420554b010e6085a_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:acdb0ea00979f03a259a7ecabbfeac6ba0eb6d6c3155b9bc420554b010e6085a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel8@sha256%3Aacdb0ea00979f03a259a7ecabbfeac6ba0eb6d6c3155b9bc420554b010e6085a?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:c0239adab678964efae74a294356ce25cb5fc360d725ba428455138cea7be903_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:c0239adab678964efae74a294356ce25cb5fc360d725ba428455138cea7be903_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:c0239adab678964efae74a294356ce25cb5fc360d725ba428455138cea7be903_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8@sha256%3Ac0239adab678964efae74a294356ce25cb5fc360d725ba428455138cea7be903?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:d0bf641dab7267af415a42d4e64b4d045771530a5b84056853c4fa0660eac99e_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:d0bf641dab7267af415a42d4e64b4d045771530a5b84056853c4fa0660eac99e_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:d0bf641dab7267af415a42d4e64b4d045771530a5b84056853c4fa0660eac99e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel8@sha256%3Ad0bf641dab7267af415a42d4e64b4d045771530a5b84056853c4fa0660eac99e?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:40de7eafe0d7a2e9420e847489f1395e6b087b079075a492b86cf11dcca506d5_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:40de7eafe0d7a2e9420e847489f1395e6b087b079075a492b86cf11dcca506d5_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:40de7eafe0d7a2e9420e847489f1395e6b087b079075a492b86cf11dcca506d5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-jaeger-query-rhel8@sha256%3A40de7eafe0d7a2e9420e847489f1395e6b087b079075a492b86cf11dcca506d5?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:f0df0ad1ed07e33899fcda5b03599333fc5d545a22f7031b17e85e12dc983902_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:f0df0ad1ed07e33899fcda5b03599333fc5d545a22f7031b17e85e12dc983902_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:f0df0ad1ed07e33899fcda5b03599333fc5d545a22f7031b17e85e12dc983902_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel8@sha256%3Af0df0ad1ed07e33899fcda5b03599333fc5d545a22f7031b17e85e12dc983902?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:c4ef5e5ef2869468edd536bc6619f8f742b6941b271568c5c6051ef3fd23afc4_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:c4ef5e5ef2869468edd536bc6619f8f742b6941b271568c5c6051ef3fd23afc4_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:c4ef5e5ef2869468edd536bc6619f8f742b6941b271568c5c6051ef3fd23afc4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8-operator@sha256%3Ac4ef5e5ef2869468edd536bc6619f8f742b6941b271568c5c6051ef3fd23afc4?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:60b46357145a1a6029fb78550d60cfb32c30b451102f7ac2704b3101df35740b_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:60b46357145a1a6029fb78550d60cfb32c30b451102f7ac2704b3101df35740b_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:60b46357145a1a6029fb78550d60cfb32c30b451102f7ac2704b3101df35740b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel8@sha256%3A60b46357145a1a6029fb78550d60cfb32c30b451102f7ac2704b3101df35740b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:8f1fdd37b61c8fba7354ec101df6f82510e8229080eb0be6fa57c05cda32a5bf_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:8f1fdd37b61c8fba7354ec101df6f82510e8229080eb0be6fa57c05cda32a5bf_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:8f1fdd37b61c8fba7354ec101df6f82510e8229080eb0be6fa57c05cda32a5bf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8@sha256%3A8f1fdd37b61c8fba7354ec101df6f82510e8229080eb0be6fa57c05cda32a5bf?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:dfb6ee8b24108b93d3f074609d9795b7bd8b27429d9bfdc4652c1d1a9ef94448_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:dfb6ee8b24108b93d3f074609d9795b7bd8b27429d9bfdc4652c1d1a9ef94448_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:dfb6ee8b24108b93d3f074609d9795b7bd8b27429d9bfdc4652c1d1a9ef94448_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel8@sha256%3Adfb6ee8b24108b93d3f074609d9795b7bd8b27429d9bfdc4652c1d1a9ef94448?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:2a28795ce0bca193bcccf906e87410cf9ba46dd710c5513222117e2e7142068a_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:2a28795ce0bca193bcccf906e87410cf9ba46dd710c5513222117e2e7142068a_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:2a28795ce0bca193bcccf906e87410cf9ba46dd710c5513222117e2e7142068a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-jaeger-query-rhel8@sha256%3A2a28795ce0bca193bcccf906e87410cf9ba46dd710c5513222117e2e7142068a?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:deb0c57d4d62e25e223487dc55c0743c96fc1e99a1115d9fc72499a2571317a3_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:deb0c57d4d62e25e223487dc55c0743c96fc1e99a1115d9fc72499a2571317a3_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:deb0c57d4d62e25e223487dc55c0743c96fc1e99a1115d9fc72499a2571317a3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel8@sha256%3Adeb0c57d4d62e25e223487dc55c0743c96fc1e99a1115d9fc72499a2571317a3?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:247dbeba82277966f1ab511d5122929fe18c91fbc2f333ef374d4d86010e5060_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:247dbeba82277966f1ab511d5122929fe18c91fbc2f333ef374d4d86010e5060_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:247dbeba82277966f1ab511d5122929fe18c91fbc2f333ef374d4d86010e5060_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8-operator@sha256%3A247dbeba82277966f1ab511d5122929fe18c91fbc2f333ef374d4d86010e5060?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:42790c7765ede1de392c14b9ca479eb98d0dcebf1cc388f05fde4002ce616328_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:42790c7765ede1de392c14b9ca479eb98d0dcebf1cc388f05fde4002ce616328_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:42790c7765ede1de392c14b9ca479eb98d0dcebf1cc388f05fde4002ce616328_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel8@sha256%3A42790c7765ede1de392c14b9ca479eb98d0dcebf1cc388f05fde4002ce616328?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:9c553a6d61fb24e081f3b97793c12ee12f1a49d7b4d965b42948cf5281e70e6e_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:9c553a6d61fb24e081f3b97793c12ee12f1a49d7b4d965b42948cf5281e70e6e_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:9c553a6d61fb24e081f3b97793c12ee12f1a49d7b4d965b42948cf5281e70e6e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8@sha256%3A9c553a6d61fb24e081f3b97793c12ee12f1a49d7b4d965b42948cf5281e70e6e?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:5bb0b143f10c31a2282fa89092791c340ddb0b69cd5f534867257693ba89a310_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:5bb0b143f10c31a2282fa89092791c340ddb0b69cd5f534867257693ba89a310_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:5bb0b143f10c31a2282fa89092791c340ddb0b69cd5f534867257693ba89a310_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:68a2a90a6c4fda1c9fcae7d5b229b7c61bf400c9d440e11a8b7d8b08b886ee5c_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:68a2a90a6c4fda1c9fcae7d5b229b7c61bf400c9d440e11a8b7d8b08b886ee5c_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:68a2a90a6c4fda1c9fcae7d5b229b7c61bf400c9d440e11a8b7d8b08b886ee5c_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:deb0c57d4d62e25e223487dc55c0743c96fc1e99a1115d9fc72499a2571317a3_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:deb0c57d4d62e25e223487dc55c0743c96fc1e99a1115d9fc72499a2571317a3_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:deb0c57d4d62e25e223487dc55c0743c96fc1e99a1115d9fc72499a2571317a3_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:f0df0ad1ed07e33899fcda5b03599333fc5d545a22f7031b17e85e12dc983902_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:f0df0ad1ed07e33899fcda5b03599333fc5d545a22f7031b17e85e12dc983902_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:f0df0ad1ed07e33899fcda5b03599333fc5d545a22f7031b17e85e12dc983902_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:41941d8e405a50f9f0ff5481b2784e06a4bece6fe0d9b615ed321d4153611a71_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:41941d8e405a50f9f0ff5481b2784e06a4bece6fe0d9b615ed321d4153611a71_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:41941d8e405a50f9f0ff5481b2784e06a4bece6fe0d9b615ed321d4153611a71_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:482927e6074e3b9f8fdcbf177223939a136dfa635b94dd3cd7665e81b57fa7b0_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:482927e6074e3b9f8fdcbf177223939a136dfa635b94dd3cd7665e81b57fa7b0_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:482927e6074e3b9f8fdcbf177223939a136dfa635b94dd3cd7665e81b57fa7b0_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:d0bf641dab7267af415a42d4e64b4d045771530a5b84056853c4fa0660eac99e_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:d0bf641dab7267af415a42d4e64b4d045771530a5b84056853c4fa0660eac99e_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:d0bf641dab7267af415a42d4e64b4d045771530a5b84056853c4fa0660eac99e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:dfb6ee8b24108b93d3f074609d9795b7bd8b27429d9bfdc4652c1d1a9ef94448_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:dfb6ee8b24108b93d3f074609d9795b7bd8b27429d9bfdc4652c1d1a9ef94448_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:dfb6ee8b24108b93d3f074609d9795b7bd8b27429d9bfdc4652c1d1a9ef94448_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:0564b9ed6f54865bf9a515177a475a7690ed464f04b91806f30001dfe1bc8105_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:0564b9ed6f54865bf9a515177a475a7690ed464f04b91806f30001dfe1bc8105_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:0564b9ed6f54865bf9a515177a475a7690ed464f04b91806f30001dfe1bc8105_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:2a28795ce0bca193bcccf906e87410cf9ba46dd710c5513222117e2e7142068a_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:2a28795ce0bca193bcccf906e87410cf9ba46dd710c5513222117e2e7142068a_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:2a28795ce0bca193bcccf906e87410cf9ba46dd710c5513222117e2e7142068a_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:38c172f30c0df809ae32802159f541425cd193e72be1f859890cdc186047ec12_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:38c172f30c0df809ae32802159f541425cd193e72be1f859890cdc186047ec12_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:38c172f30c0df809ae32802159f541425cd193e72be1f859890cdc186047ec12_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:40de7eafe0d7a2e9420e847489f1395e6b087b079075a492b86cf11dcca506d5_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:40de7eafe0d7a2e9420e847489f1395e6b087b079075a492b86cf11dcca506d5_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:40de7eafe0d7a2e9420e847489f1395e6b087b079075a492b86cf11dcca506d5_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:fd49fd51bd9c033317ca2ea172e6a21c84ccc17b609f9e5543ece39dd5ec8808_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:fd49fd51bd9c033317ca2ea172e6a21c84ccc17b609f9e5543ece39dd5ec8808_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:fd49fd51bd9c033317ca2ea172e6a21c84ccc17b609f9e5543ece39dd5ec8808_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:42790c7765ede1de392c14b9ca479eb98d0dcebf1cc388f05fde4002ce616328_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:42790c7765ede1de392c14b9ca479eb98d0dcebf1cc388f05fde4002ce616328_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:42790c7765ede1de392c14b9ca479eb98d0dcebf1cc388f05fde4002ce616328_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:5c5e529da2197a702ae7ab6c344050492ac1df191cdee946657d966c432ca7ea_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:5c5e529da2197a702ae7ab6c344050492ac1df191cdee946657d966c432ca7ea_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:5c5e529da2197a702ae7ab6c344050492ac1df191cdee946657d966c432ca7ea_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:60b46357145a1a6029fb78550d60cfb32c30b451102f7ac2704b3101df35740b_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:60b46357145a1a6029fb78550d60cfb32c30b451102f7ac2704b3101df35740b_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:60b46357145a1a6029fb78550d60cfb32c30b451102f7ac2704b3101df35740b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:acdb0ea00979f03a259a7ecabbfeac6ba0eb6d6c3155b9bc420554b010e6085a_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:acdb0ea00979f03a259a7ecabbfeac6ba0eb6d6c3155b9bc420554b010e6085a_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:acdb0ea00979f03a259a7ecabbfeac6ba0eb6d6c3155b9bc420554b010e6085a_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:0f98ca8e4517c489e13203feb36745f5225123c8eaed0bb4517510c9f960dce8_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:0f98ca8e4517c489e13203feb36745f5225123c8eaed0bb4517510c9f960dce8_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:0f98ca8e4517c489e13203feb36745f5225123c8eaed0bb4517510c9f960dce8_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:247dbeba82277966f1ab511d5122929fe18c91fbc2f333ef374d4d86010e5060_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:247dbeba82277966f1ab511d5122929fe18c91fbc2f333ef374d4d86010e5060_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:247dbeba82277966f1ab511d5122929fe18c91fbc2f333ef374d4d86010e5060_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:c4ef5e5ef2869468edd536bc6619f8f742b6941b271568c5c6051ef3fd23afc4_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:c4ef5e5ef2869468edd536bc6619f8f742b6941b271568c5c6051ef3fd23afc4_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:c4ef5e5ef2869468edd536bc6619f8f742b6941b271568c5c6051ef3fd23afc4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:d7281f07f9ca7f59d694b6d1c6c5221db081001b3fde57bb11e23cf102fa59a6_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:d7281f07f9ca7f59d694b6d1c6c5221db081001b3fde57bb11e23cf102fa59a6_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:d7281f07f9ca7f59d694b6d1c6c5221db081001b3fde57bb11e23cf102fa59a6_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:60b1d40da4648166450991cfc8d8b49edce8f8dd0ac7c35611b19c0ee4f6ae09_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:60b1d40da4648166450991cfc8d8b49edce8f8dd0ac7c35611b19c0ee4f6ae09_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:60b1d40da4648166450991cfc8d8b49edce8f8dd0ac7c35611b19c0ee4f6ae09_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:8f1fdd37b61c8fba7354ec101df6f82510e8229080eb0be6fa57c05cda32a5bf_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:8f1fdd37b61c8fba7354ec101df6f82510e8229080eb0be6fa57c05cda32a5bf_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:8f1fdd37b61c8fba7354ec101df6f82510e8229080eb0be6fa57c05cda32a5bf_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:9c553a6d61fb24e081f3b97793c12ee12f1a49d7b4d965b42948cf5281e70e6e_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:9c553a6d61fb24e081f3b97793c12ee12f1a49d7b4d965b42948cf5281e70e6e_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:9c553a6d61fb24e081f3b97793c12ee12f1a49d7b4d965b42948cf5281e70e6e_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:c0239adab678964efae74a294356ce25cb5fc360d725ba428455138cea7be903_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:c0239adab678964efae74a294356ce25cb5fc360d725ba428455138cea7be903_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:c0239adab678964efae74a294356ce25cb5fc360d725ba428455138cea7be903_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:5bb0b143f10c31a2282fa89092791c340ddb0b69cd5f534867257693ba89a310_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:68a2a90a6c4fda1c9fcae7d5b229b7c61bf400c9d440e11a8b7d8b08b886ee5c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:deb0c57d4d62e25e223487dc55c0743c96fc1e99a1115d9fc72499a2571317a3_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:f0df0ad1ed07e33899fcda5b03599333fc5d545a22f7031b17e85e12dc983902_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:fd49fd51bd9c033317ca2ea172e6a21c84ccc17b609f9e5543ece39dd5ec8808_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:0f98ca8e4517c489e13203feb36745f5225123c8eaed0bb4517510c9f960dce8_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:247dbeba82277966f1ab511d5122929fe18c91fbc2f333ef374d4d86010e5060_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:c4ef5e5ef2869468edd536bc6619f8f742b6941b271568c5c6051ef3fd23afc4_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:d7281f07f9ca7f59d694b6d1c6c5221db081001b3fde57bb11e23cf102fa59a6_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux (RHEL) 8 \u0026 9 and Red Hat OpenShift are marked as not affected, as it was determined that the problematic function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:41941d8e405a50f9f0ff5481b2784e06a4bece6fe0d9b615ed321d4153611a71_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:482927e6074e3b9f8fdcbf177223939a136dfa635b94dd3cd7665e81b57fa7b0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:d0bf641dab7267af415a42d4e64b4d045771530a5b84056853c4fa0660eac99e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:dfb6ee8b24108b93d3f074609d9795b7bd8b27429d9bfdc4652c1d1a9ef94448_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:0564b9ed6f54865bf9a515177a475a7690ed464f04b91806f30001dfe1bc8105_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:2a28795ce0bca193bcccf906e87410cf9ba46dd710c5513222117e2e7142068a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:38c172f30c0df809ae32802159f541425cd193e72be1f859890cdc186047ec12_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:40de7eafe0d7a2e9420e847489f1395e6b087b079075a492b86cf11dcca506d5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:42790c7765ede1de392c14b9ca479eb98d0dcebf1cc388f05fde4002ce616328_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:5c5e529da2197a702ae7ab6c344050492ac1df191cdee946657d966c432ca7ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:60b46357145a1a6029fb78550d60cfb32c30b451102f7ac2704b3101df35740b_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:acdb0ea00979f03a259a7ecabbfeac6ba0eb6d6c3155b9bc420554b010e6085a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:60b1d40da4648166450991cfc8d8b49edce8f8dd0ac7c35611b19c0ee4f6ae09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:8f1fdd37b61c8fba7354ec101df6f82510e8229080eb0be6fa57c05cda32a5bf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:9c553a6d61fb24e081f3b97793c12ee12f1a49d7b4d965b42948cf5281e70e6e_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:c0239adab678964efae74a294356ce25cb5fc360d725ba428455138cea7be903_arm64"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:5bb0b143f10c31a2282fa89092791c340ddb0b69cd5f534867257693ba89a310_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:68a2a90a6c4fda1c9fcae7d5b229b7c61bf400c9d440e11a8b7d8b08b886ee5c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:deb0c57d4d62e25e223487dc55c0743c96fc1e99a1115d9fc72499a2571317a3_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:f0df0ad1ed07e33899fcda5b03599333fc5d545a22f7031b17e85e12dc983902_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:fd49fd51bd9c033317ca2ea172e6a21c84ccc17b609f9e5543ece39dd5ec8808_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:0f98ca8e4517c489e13203feb36745f5225123c8eaed0bb4517510c9f960dce8_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:247dbeba82277966f1ab511d5122929fe18c91fbc2f333ef374d4d86010e5060_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:c4ef5e5ef2869468edd536bc6619f8f742b6941b271568c5c6051ef3fd23afc4_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:d7281f07f9ca7f59d694b6d1c6c5221db081001b3fde57bb11e23cf102fa59a6_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-16T17:44:29+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:41941d8e405a50f9f0ff5481b2784e06a4bece6fe0d9b615ed321d4153611a71_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:482927e6074e3b9f8fdcbf177223939a136dfa635b94dd3cd7665e81b57fa7b0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:d0bf641dab7267af415a42d4e64b4d045771530a5b84056853c4fa0660eac99e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:dfb6ee8b24108b93d3f074609d9795b7bd8b27429d9bfdc4652c1d1a9ef94448_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:0564b9ed6f54865bf9a515177a475a7690ed464f04b91806f30001dfe1bc8105_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:2a28795ce0bca193bcccf906e87410cf9ba46dd710c5513222117e2e7142068a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:38c172f30c0df809ae32802159f541425cd193e72be1f859890cdc186047ec12_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:40de7eafe0d7a2e9420e847489f1395e6b087b079075a492b86cf11dcca506d5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:42790c7765ede1de392c14b9ca479eb98d0dcebf1cc388f05fde4002ce616328_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:5c5e529da2197a702ae7ab6c344050492ac1df191cdee946657d966c432ca7ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:60b46357145a1a6029fb78550d60cfb32c30b451102f7ac2704b3101df35740b_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:acdb0ea00979f03a259a7ecabbfeac6ba0eb6d6c3155b9bc420554b010e6085a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:60b1d40da4648166450991cfc8d8b49edce8f8dd0ac7c35611b19c0ee4f6ae09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:8f1fdd37b61c8fba7354ec101df6f82510e8229080eb0be6fa57c05cda32a5bf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:9c553a6d61fb24e081f3b97793c12ee12f1a49d7b4d965b42948cf5281e70e6e_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:c0239adab678964efae74a294356ce25cb5fc360d725ba428455138cea7be903_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0390"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:5bb0b143f10c31a2282fa89092791c340ddb0b69cd5f534867257693ba89a310_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:68a2a90a6c4fda1c9fcae7d5b229b7c61bf400c9d440e11a8b7d8b08b886ee5c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:deb0c57d4d62e25e223487dc55c0743c96fc1e99a1115d9fc72499a2571317a3_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:f0df0ad1ed07e33899fcda5b03599333fc5d545a22f7031b17e85e12dc983902_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:41941d8e405a50f9f0ff5481b2784e06a4bece6fe0d9b615ed321d4153611a71_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:482927e6074e3b9f8fdcbf177223939a136dfa635b94dd3cd7665e81b57fa7b0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:d0bf641dab7267af415a42d4e64b4d045771530a5b84056853c4fa0660eac99e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:dfb6ee8b24108b93d3f074609d9795b7bd8b27429d9bfdc4652c1d1a9ef94448_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:0564b9ed6f54865bf9a515177a475a7690ed464f04b91806f30001dfe1bc8105_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:2a28795ce0bca193bcccf906e87410cf9ba46dd710c5513222117e2e7142068a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:38c172f30c0df809ae32802159f541425cd193e72be1f859890cdc186047ec12_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:40de7eafe0d7a2e9420e847489f1395e6b087b079075a492b86cf11dcca506d5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:fd49fd51bd9c033317ca2ea172e6a21c84ccc17b609f9e5543ece39dd5ec8808_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:42790c7765ede1de392c14b9ca479eb98d0dcebf1cc388f05fde4002ce616328_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:5c5e529da2197a702ae7ab6c344050492ac1df191cdee946657d966c432ca7ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:60b46357145a1a6029fb78550d60cfb32c30b451102f7ac2704b3101df35740b_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:acdb0ea00979f03a259a7ecabbfeac6ba0eb6d6c3155b9bc420554b010e6085a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:0f98ca8e4517c489e13203feb36745f5225123c8eaed0bb4517510c9f960dce8_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:247dbeba82277966f1ab511d5122929fe18c91fbc2f333ef374d4d86010e5060_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:c4ef5e5ef2869468edd536bc6619f8f742b6941b271568c5c6051ef3fd23afc4_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:d7281f07f9ca7f59d694b6d1c6c5221db081001b3fde57bb11e23cf102fa59a6_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:60b1d40da4648166450991cfc8d8b49edce8f8dd0ac7c35611b19c0ee4f6ae09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:8f1fdd37b61c8fba7354ec101df6f82510e8229080eb0be6fa57c05cda32a5bf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:9c553a6d61fb24e081f3b97793c12ee12f1a49d7b4d965b42948cf5281e70e6e_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:c0239adab678964efae74a294356ce25cb5fc360d725ba428455138cea7be903_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:5bb0b143f10c31a2282fa89092791c340ddb0b69cd5f534867257693ba89a310_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:68a2a90a6c4fda1c9fcae7d5b229b7c61bf400c9d440e11a8b7d8b08b886ee5c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:deb0c57d4d62e25e223487dc55c0743c96fc1e99a1115d9fc72499a2571317a3_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:f0df0ad1ed07e33899fcda5b03599333fc5d545a22f7031b17e85e12dc983902_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:41941d8e405a50f9f0ff5481b2784e06a4bece6fe0d9b615ed321d4153611a71_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:482927e6074e3b9f8fdcbf177223939a136dfa635b94dd3cd7665e81b57fa7b0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:d0bf641dab7267af415a42d4e64b4d045771530a5b84056853c4fa0660eac99e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:dfb6ee8b24108b93d3f074609d9795b7bd8b27429d9bfdc4652c1d1a9ef94448_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:0564b9ed6f54865bf9a515177a475a7690ed464f04b91806f30001dfe1bc8105_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:2a28795ce0bca193bcccf906e87410cf9ba46dd710c5513222117e2e7142068a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:38c172f30c0df809ae32802159f541425cd193e72be1f859890cdc186047ec12_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:40de7eafe0d7a2e9420e847489f1395e6b087b079075a492b86cf11dcca506d5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:fd49fd51bd9c033317ca2ea172e6a21c84ccc17b609f9e5543ece39dd5ec8808_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:42790c7765ede1de392c14b9ca479eb98d0dcebf1cc388f05fde4002ce616328_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:5c5e529da2197a702ae7ab6c344050492ac1df191cdee946657d966c432ca7ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:60b46357145a1a6029fb78550d60cfb32c30b451102f7ac2704b3101df35740b_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:acdb0ea00979f03a259a7ecabbfeac6ba0eb6d6c3155b9bc420554b010e6085a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:0f98ca8e4517c489e13203feb36745f5225123c8eaed0bb4517510c9f960dce8_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:247dbeba82277966f1ab511d5122929fe18c91fbc2f333ef374d4d86010e5060_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:c4ef5e5ef2869468edd536bc6619f8f742b6941b271568c5c6051ef3fd23afc4_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:d7281f07f9ca7f59d694b6d1c6c5221db081001b3fde57bb11e23cf102fa59a6_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:60b1d40da4648166450991cfc8d8b49edce8f8dd0ac7c35611b19c0ee4f6ae09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:8f1fdd37b61c8fba7354ec101df6f82510e8229080eb0be6fa57c05cda32a5bf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:9c553a6d61fb24e081f3b97793c12ee12f1a49d7b4d965b42948cf5281e70e6e_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:c0239adab678964efae74a294356ce25cb5fc360d725ba428455138cea7be903_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:fd49fd51bd9c033317ca2ea172e6a21c84ccc17b609f9e5543ece39dd5ec8808_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays that lead to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:5bb0b143f10c31a2282fa89092791c340ddb0b69cd5f534867257693ba89a310_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:68a2a90a6c4fda1c9fcae7d5b229b7c61bf400c9d440e11a8b7d8b08b886ee5c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:deb0c57d4d62e25e223487dc55c0743c96fc1e99a1115d9fc72499a2571317a3_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:f0df0ad1ed07e33899fcda5b03599333fc5d545a22f7031b17e85e12dc983902_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:41941d8e405a50f9f0ff5481b2784e06a4bece6fe0d9b615ed321d4153611a71_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:482927e6074e3b9f8fdcbf177223939a136dfa635b94dd3cd7665e81b57fa7b0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:d0bf641dab7267af415a42d4e64b4d045771530a5b84056853c4fa0660eac99e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:dfb6ee8b24108b93d3f074609d9795b7bd8b27429d9bfdc4652c1d1a9ef94448_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:0564b9ed6f54865bf9a515177a475a7690ed464f04b91806f30001dfe1bc8105_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:2a28795ce0bca193bcccf906e87410cf9ba46dd710c5513222117e2e7142068a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:38c172f30c0df809ae32802159f541425cd193e72be1f859890cdc186047ec12_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:40de7eafe0d7a2e9420e847489f1395e6b087b079075a492b86cf11dcca506d5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:42790c7765ede1de392c14b9ca479eb98d0dcebf1cc388f05fde4002ce616328_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:5c5e529da2197a702ae7ab6c344050492ac1df191cdee946657d966c432ca7ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:60b46357145a1a6029fb78550d60cfb32c30b451102f7ac2704b3101df35740b_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:acdb0ea00979f03a259a7ecabbfeac6ba0eb6d6c3155b9bc420554b010e6085a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:0f98ca8e4517c489e13203feb36745f5225123c8eaed0bb4517510c9f960dce8_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:247dbeba82277966f1ab511d5122929fe18c91fbc2f333ef374d4d86010e5060_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:c4ef5e5ef2869468edd536bc6619f8f742b6941b271568c5c6051ef3fd23afc4_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:d7281f07f9ca7f59d694b6d1c6c5221db081001b3fde57bb11e23cf102fa59a6_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:60b1d40da4648166450991cfc8d8b49edce8f8dd0ac7c35611b19c0ee4f6ae09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:8f1fdd37b61c8fba7354ec101df6f82510e8229080eb0be6fa57c05cda32a5bf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:9c553a6d61fb24e081f3b97793c12ee12f1a49d7b4d965b42948cf5281e70e6e_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:c0239adab678964efae74a294356ce25cb5fc360d725ba428455138cea7be903_arm64"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:fd49fd51bd9c033317ca2ea172e6a21c84ccc17b609f9e5543ece39dd5ec8808_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-16T17:44:29+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:5bb0b143f10c31a2282fa89092791c340ddb0b69cd5f534867257693ba89a310_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:68a2a90a6c4fda1c9fcae7d5b229b7c61bf400c9d440e11a8b7d8b08b886ee5c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:deb0c57d4d62e25e223487dc55c0743c96fc1e99a1115d9fc72499a2571317a3_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:f0df0ad1ed07e33899fcda5b03599333fc5d545a22f7031b17e85e12dc983902_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:41941d8e405a50f9f0ff5481b2784e06a4bece6fe0d9b615ed321d4153611a71_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:482927e6074e3b9f8fdcbf177223939a136dfa635b94dd3cd7665e81b57fa7b0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:d0bf641dab7267af415a42d4e64b4d045771530a5b84056853c4fa0660eac99e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:dfb6ee8b24108b93d3f074609d9795b7bd8b27429d9bfdc4652c1d1a9ef94448_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:0564b9ed6f54865bf9a515177a475a7690ed464f04b91806f30001dfe1bc8105_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:2a28795ce0bca193bcccf906e87410cf9ba46dd710c5513222117e2e7142068a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:38c172f30c0df809ae32802159f541425cd193e72be1f859890cdc186047ec12_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:40de7eafe0d7a2e9420e847489f1395e6b087b079075a492b86cf11dcca506d5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:42790c7765ede1de392c14b9ca479eb98d0dcebf1cc388f05fde4002ce616328_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:5c5e529da2197a702ae7ab6c344050492ac1df191cdee946657d966c432ca7ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:60b46357145a1a6029fb78550d60cfb32c30b451102f7ac2704b3101df35740b_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:acdb0ea00979f03a259a7ecabbfeac6ba0eb6d6c3155b9bc420554b010e6085a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:0f98ca8e4517c489e13203feb36745f5225123c8eaed0bb4517510c9f960dce8_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:247dbeba82277966f1ab511d5122929fe18c91fbc2f333ef374d4d86010e5060_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:c4ef5e5ef2869468edd536bc6619f8f742b6941b271568c5c6051ef3fd23afc4_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:d7281f07f9ca7f59d694b6d1c6c5221db081001b3fde57bb11e23cf102fa59a6_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:60b1d40da4648166450991cfc8d8b49edce8f8dd0ac7c35611b19c0ee4f6ae09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:8f1fdd37b61c8fba7354ec101df6f82510e8229080eb0be6fa57c05cda32a5bf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:9c553a6d61fb24e081f3b97793c12ee12f1a49d7b4d965b42948cf5281e70e6e_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:c0239adab678964efae74a294356ce25cb5fc360d725ba428455138cea7be903_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0390"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:5bb0b143f10c31a2282fa89092791c340ddb0b69cd5f534867257693ba89a310_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:68a2a90a6c4fda1c9fcae7d5b229b7c61bf400c9d440e11a8b7d8b08b886ee5c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:deb0c57d4d62e25e223487dc55c0743c96fc1e99a1115d9fc72499a2571317a3_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:f0df0ad1ed07e33899fcda5b03599333fc5d545a22f7031b17e85e12dc983902_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:41941d8e405a50f9f0ff5481b2784e06a4bece6fe0d9b615ed321d4153611a71_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:482927e6074e3b9f8fdcbf177223939a136dfa635b94dd3cd7665e81b57fa7b0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:d0bf641dab7267af415a42d4e64b4d045771530a5b84056853c4fa0660eac99e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:dfb6ee8b24108b93d3f074609d9795b7bd8b27429d9bfdc4652c1d1a9ef94448_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:0564b9ed6f54865bf9a515177a475a7690ed464f04b91806f30001dfe1bc8105_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:2a28795ce0bca193bcccf906e87410cf9ba46dd710c5513222117e2e7142068a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:38c172f30c0df809ae32802159f541425cd193e72be1f859890cdc186047ec12_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:40de7eafe0d7a2e9420e847489f1395e6b087b079075a492b86cf11dcca506d5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:fd49fd51bd9c033317ca2ea172e6a21c84ccc17b609f9e5543ece39dd5ec8808_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:42790c7765ede1de392c14b9ca479eb98d0dcebf1cc388f05fde4002ce616328_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:5c5e529da2197a702ae7ab6c344050492ac1df191cdee946657d966c432ca7ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:60b46357145a1a6029fb78550d60cfb32c30b451102f7ac2704b3101df35740b_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:acdb0ea00979f03a259a7ecabbfeac6ba0eb6d6c3155b9bc420554b010e6085a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:0f98ca8e4517c489e13203feb36745f5225123c8eaed0bb4517510c9f960dce8_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:247dbeba82277966f1ab511d5122929fe18c91fbc2f333ef374d4d86010e5060_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:c4ef5e5ef2869468edd536bc6619f8f742b6941b271568c5c6051ef3fd23afc4_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:d7281f07f9ca7f59d694b6d1c6c5221db081001b3fde57bb11e23cf102fa59a6_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:60b1d40da4648166450991cfc8d8b49edce8f8dd0ac7c35611b19c0ee4f6ae09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:8f1fdd37b61c8fba7354ec101df6f82510e8229080eb0be6fa57c05cda32a5bf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:9c553a6d61fb24e081f3b97793c12ee12f1a49d7b4d965b42948cf5281e70e6e_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/tempo-rhel8@sha256:c0239adab678964efae74a294356ce25cb5fc360d725ba428455138cea7be903_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
}
]
}
RHSA-2025:0444
Vulnerability from csaf_redhat - Published: 2025-01-20 21:35 - Updated: 2026-06-02 21:38
A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6_amd64 | — |
Vendor Fix
fix
|
An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport protocol is being used.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6_amd64 | — |
Vendor Fix
fix
Workaround
|
A denial of service (DoS) vulnerability was found in go-git. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which triggers resource exhaustion in go-git clients.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6_amd64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Trusted Profile Analyzer 1.2.2 release Red Hat Product Security\n has rated this update as having a security impact of Moderate",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Trusted Profile Analyzer 1.2.2",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:0444",
"url": "https://access.redhat.com/errata/RHSA-2025:0444"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1817",
"url": "https://issues.redhat.com/browse/TC-1817"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-2022",
"url": "https://issues.redhat.com/browse/TC-2022"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-2075",
"url": "https://issues.redhat.com/browse/TC-2075"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-2076",
"url": "https://issues.redhat.com/browse/TC-2076"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-2089",
"url": "https://issues.redhat.com/browse/TC-2089"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-2097",
"url": "https://issues.redhat.com/browse/TC-2097"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/1.2.2/html/release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/1.2.2/html/release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-21613",
"url": "https://access.redhat.com/security/cve/CVE-2025-21613"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-21614",
"url": "https://access.redhat.com/security/cve/CVE-2025-21614"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_0444.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Trusted Profile Analyzer 1.2.2",
"tracking": {
"current_release_date": "2026-06-02T21:38:27+00:00",
"generator": {
"date": "2026-06-02T21:38:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:0444",
"initial_release_date": "2025-01-20T21:35:36+00:00",
"revision_history": [
{
"date": "2025-01-20T21:35:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-03-25T20:51:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T21:38:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Trusted Profile Analyzer 1.2",
"product": {
"name": "Red Hat Trusted Profile Analyzer 1.2",
"product_id": "Red Hat Trusted Profile Analyzer 1.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:trusted_profile_analyzer:1.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Trusted Profile Analyzer"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6_amd64",
"product": {
"name": "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6_amd64",
"product_id": "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhtpa-guac-rhel9@sha256%3A2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6?arch=amd64\u0026repository_url=registry.redhat.io/rhtpa\u0026tag=1.2.2-1736863185"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6_amd64 as a component of Red Hat Trusted Profile Analyzer 1.2",
"product_id": "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6_amd64"
},
"product_reference": "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6_amd64",
"relates_to_product_reference": "Red Hat Trusted Profile Analyzer 1.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux (RHEL) 8 \u0026 9 and Red Hat OpenShift are marked as not affected, as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-20T21:35:36+00:00",
"details": "It is recommended that existing users of RHTPA 1.2.1 upgrade to 1.2.2. For more information please refer to the Release Notes.",
"product_ids": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0444"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays that lead to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-20T21:35:36+00:00",
"details": "It is recommended that existing users of RHTPA 1.2.1 upgrade to 1.2.2. For more information please refer to the Release Notes.",
"product_ids": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0444"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2025-21613",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2025-01-06T17:00:41.244449+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2335888"
}
],
"notes": [
{
"category": "description",
"text": "An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport protocol is being used.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-git: argument injection via the URL field",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an argument injection has been discovered in go-git, where an attacker can manipulate git-upload-pack flags, potentially enabling command or code execution, exposure of sensitive data, or other unintended actions. This vulnerability occurs exclusively in configurations using the file transport protocol.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-21613"
},
{
"category": "external",
"summary": "RHBZ#2335888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2335888"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-21613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21613"
},
{
"category": "external",
"summary": "https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m",
"url": "https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3368",
"url": "https://pkg.go.dev/vuln/GO-2025-3368"
}
],
"release_date": "2025-01-06T16:13:10.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-20T21:35:36+00:00",
"details": "It is recommended that existing users of RHTPA 1.2.1 upgrade to 1.2.2. For more information please refer to the Release Notes.",
"product_ids": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0444"
},
{
"category": "workaround",
"details": "In cases where it is not possible to update to the latest version of go-git, it is recommended to enforce validation rules for values passed in the URL field.",
"product_ids": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "go-git: argument injection via the URL field"
},
{
"cve": "CVE-2025-21614",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-01-06T17:01:36.743039+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2335901"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service (DoS) vulnerability was found in go-git. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which triggers resource exhaustion in go-git clients.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-21614"
},
{
"category": "external",
"summary": "RHBZ#2335901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2335901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-21614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21614"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-21614",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21614"
},
{
"category": "external",
"summary": "https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4",
"url": "https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3367",
"url": "https://pkg.go.dev/vuln/GO-2025-3367"
}
],
"release_date": "2025-01-06T16:20:16.140000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-20T21:35:36+00:00",
"details": "It is recommended that existing users of RHTPA 1.2.1 upgrade to 1.2.2. For more information please refer to the Release Notes.",
"product_ids": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0444"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies"
}
]
}
RHSA-2025:0445
Vulnerability from csaf_redhat - Published: 2025-01-20 21:49 - Updated: 2026-06-02 21:38
A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4_amd64 | — |
Vendor Fix
fix
|
An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport protocol is being used.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4_amd64 | — |
Vendor Fix
fix
Workaround
|
A denial of service (DoS) vulnerability was found in go-git. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which triggers resource exhaustion in go-git clients.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4_amd64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Trusted Profile Analyzer 1.2.2 release. Red Hat Product Security\n has rated this update as having a security impact of Moderate.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Trusted Profile Analyzer 1.2.2",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:0445",
"url": "https://access.redhat.com/errata/RHSA-2025:0445"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1817",
"url": "https://issues.redhat.com/browse/TC-1817"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-2022",
"url": "https://issues.redhat.com/browse/TC-2022"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-2075",
"url": "https://issues.redhat.com/browse/TC-2075"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-2076",
"url": "https://issues.redhat.com/browse/TC-2076"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-2089",
"url": "https://issues.redhat.com/browse/TC-2089"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-2097",
"url": "https://issues.redhat.com/browse/TC-2097"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/1.2.2/html/release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/1.2.2/html/release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-21613",
"url": "https://access.redhat.com/security/cve/CVE-2025-21613"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-21614",
"url": "https://access.redhat.com/security/cve/CVE-2025-21614"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_0445.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Trusted Profile Analyzer 1.2.2",
"tracking": {
"current_release_date": "2026-06-02T21:38:35+00:00",
"generator": {
"date": "2026-06-02T21:38:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:0445",
"initial_release_date": "2025-01-20T21:49:53+00:00",
"revision_history": [
{
"date": "2025-01-20T21:49:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-03-25T20:51:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T21:38:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Trusted Profile Analyzer 1.2",
"product": {
"name": "Red Hat Trusted Profile Analyzer 1.2",
"product_id": "Red Hat Trusted Profile Analyzer 1.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:trusted_profile_analyzer:1.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Trusted Profile Analyzer"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4_amd64",
"product": {
"name": "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4_amd64",
"product_id": "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhtpa-trustification-service-rhel9@sha256%3Aeb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4?arch=amd64\u0026repository_url=registry.redhat.io/rhtpa\u0026tag=1.2.2-1736774679"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4_amd64 as a component of Red Hat Trusted Profile Analyzer 1.2",
"product_id": "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4_amd64"
},
"product_reference": "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4_amd64",
"relates_to_product_reference": "Red Hat Trusted Profile Analyzer 1.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux (RHEL) 8 \u0026 9 and Red Hat OpenShift are marked as not affected, as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-20T21:49:53+00:00",
"details": "It is recommended that existing users of RHTPA 1.2.1 upgrade to 1.2.2. For more information please refer to the Release Notes.",
"product_ids": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0445"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays that lead to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-20T21:49:53+00:00",
"details": "It is recommended that existing users of RHTPA 1.2.1 upgrade to 1.2.2. For more information please refer to the Release Notes.",
"product_ids": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0445"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2025-21613",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2025-01-06T17:00:41.244449+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2335888"
}
],
"notes": [
{
"category": "description",
"text": "An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport protocol is being used.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-git: argument injection via the URL field",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important severity because an argument injection has been discovered in go-git, where an attacker can manipulate git-upload-pack flags, potentially enabling command or code execution, exposure of sensitive data, or other unintended actions. This vulnerability occurs exclusively in configurations using the file transport protocol.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-21613"
},
{
"category": "external",
"summary": "RHBZ#2335888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2335888"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-21613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21613"
},
{
"category": "external",
"summary": "https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m",
"url": "https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3368",
"url": "https://pkg.go.dev/vuln/GO-2025-3368"
}
],
"release_date": "2025-01-06T16:13:10.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-20T21:49:53+00:00",
"details": "It is recommended that existing users of RHTPA 1.2.1 upgrade to 1.2.2. For more information please refer to the Release Notes.",
"product_ids": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0445"
},
{
"category": "workaround",
"details": "In cases where it is not possible to update to the latest version of go-git, it is recommended to enforce validation rules for values passed in the URL field.",
"product_ids": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "go-git: argument injection via the URL field"
},
{
"cve": "CVE-2025-21614",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-01-06T17:01:36.743039+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2335901"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service (DoS) vulnerability was found in go-git. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which triggers resource exhaustion in go-git clients.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-21614"
},
{
"category": "external",
"summary": "RHBZ#2335901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2335901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-21614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21614"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-21614",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21614"
},
{
"category": "external",
"summary": "https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4",
"url": "https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3367",
"url": "https://pkg.go.dev/vuln/GO-2025-3367"
}
],
"release_date": "2025-01-06T16:20:16.140000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-20T21:49:53+00:00",
"details": "It is recommended that existing users of RHTPA 1.2.1 upgrade to 1.2.2. For more information please refer to the Release Notes.",
"product_ids": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0445"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies"
}
]
}
RHSA-2025:0485
Vulnerability from csaf_redhat - Published: 2025-01-21 05:59 - Updated: 2026-06-02 21:38
A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cert-manager Operator for Red Hat OpenShift 1.15.0",
"title": "Topic"
},
{
"category": "general",
"text": "The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide certificates-as-a-service to developers working within your Kubernetes cluster.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:0485",
"url": "https://access.redhat.com/errata/RHSA-2025:0485"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html",
"url": "https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_0485.json"
}
],
"title": "Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.15.0",
"tracking": {
"current_release_date": "2026-06-02T21:38:36+00:00",
"generator": {
"date": "2026-06-02T21:38:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:0485",
"initial_release_date": "2025-01-21T05:59:40+00:00",
"revision_history": [
{
"date": "2025-01-21T05:59:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-04-01T21:11:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T21:38:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "cert-manager operator for Red Hat OpenShift 1.15",
"product": {
"name": "cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cert_manager:1.15::el9"
}
}
}
],
"category": "product_family",
"name": "cert-manager operator for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64",
"product": {
"name": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64",
"product_id": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cert-manager-operator-rhel9@sha256%3Ab31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d?arch=amd64\u0026repository_url=registry.redhat.io/cert-manager"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x",
"product": {
"name": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x",
"product_id": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cert-manager-operator-rhel9@sha256%3A9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd?arch=s390x\u0026repository_url=registry.redhat.io/cert-manager"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le",
"product": {
"name": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le",
"product_id": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cert-manager-operator-rhel9@sha256%3A6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c?arch=ppc64le\u0026repository_url=registry.redhat.io/cert-manager"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64",
"product": {
"name": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64",
"product_id": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cert-manager-operator-rhel9@sha256%3A57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4?arch=arm64\u0026repository_url=registry.redhat.io/cert-manager"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64 as a component of cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64"
},
"product_reference": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le as a component of cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le"
},
"product_reference": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x as a component of cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x"
},
"product_reference": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64 as a component of cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64"
},
"product_reference": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-21T05:59:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used when installing the cert-manager Operator for Red Hat OpenShift.\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a new version of the Operator. No further action is required to upgrade. This is the default setting.\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\nSee https://docs.openshift.com/container- platform/latest/security/cert_manager_operator/index.html for additional information.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-21T05:59:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used when installing the cert-manager Operator for Red Hat OpenShift.\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a new version of the Operator. No further action is required to upgrade. This is the default setting.\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\nSee https://docs.openshift.com/container- platform/latest/security/cert_manager_operator/index.html for additional information.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0485"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
}
]
}
RHSA-2025:0522
Vulnerability from csaf_redhat - Published: 2025-01-21 15:04 - Updated: 2026-06-02 21:38
A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:36911a85237e694a9d25b1d552099ac7b8857885df699321b342e896d6cda2a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:8aaadb49a5e00db67cd07a54ad5c2ab1867a0e381cf55e844f6a136eaa53ab37_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:f0467dba748db0e36cba44258502f2fe64806444a50f4684d0d1078d34932a6f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:fa02064a1c6f5571ce31054e66ea21c67bfed03fa8309182e0e2380e3249c960_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3e3d042ca0846b586fd71f1ebb031cca079b2fa7a30dbf71f809b6bcb910244b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:cb0c08a16a23196aaee5a3465b96eb9ea20a6867bd2fff35368563c2184dc762_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ddddee551b77222714cd9a9e47752e171cc900623bd77800269dead71452fe72_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ed7a17795034bc7a7727557fb002fdeb2ba32cd19afb13726567dd4231517031_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:46fa583c12ade492eac2b7f21f22554af4647dd6383a5e2f8f5fc44929a746b5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:5ed2e26a0997a3c9707851370dd701f1b921683c250f22dd8fbf42fa2ba504df_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86434a3a8b3213be2f9e5937d3bfc956e843a8c5e3434db5309f413b8d505b8c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a8baa99bcc8a138eac44c74dd93dc67399d39124266f193fb4bb6152b2168909_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1f153c0a469504735e08a6ca0b4f2c40abd2544ddcaf8d319ebc184ca90fbb5e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:56e4c319d7c125148913e556564adc4a463cc6ec9763f8acc3c25dd2030b174a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7619729065c5e34d88cfdaab6ed2fded897921e463d767b5d15b6d182e9e05a7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:f9cec96a7c2d3f78d39b801d4fc1849e9b81cd0b07d8646ec26d75e8dd60a0ad_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:28ba5c7fea09ad97ab13905092e49790a1462371588fc1372d7dd46b4ca09b7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a63888f881b136cfaf7a4ee8f3498dd508a117363035385bebe361463bd1425c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:e4c891e4398e4b555d66a1c8fa5e38ce75b3105eda3e86b6cfac5807fb30714c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f62e2ec352dfbb90d2130f3197c0a4347fa5c60c383fdd07dbcc520d6a1c28c4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:51354e4725847b641213aa4e7a1582131d81bc1b0a0613cfd97941087c80aaa0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:7b8a8d0473bd85405ebaa62a37458dbe0a48bd0b2963af9fcf09a5642fef2cdb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:896db45925184a018bd68e966b83f5257730843832e3f3cc024bcf196f73b418_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b859148721ef0e1858586cc34ed89d005c64167e340de3a7702090c89d9d1209_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:1f13668479ff701caaf6bc9d3ff27234ceecf6f10eed81dc5ece1b380b4e15f3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e2ce69e75bf84535e96496d401a16a45bb6685e622f5b327d69d5afdf22519e7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e43141b1a9c43505ed9e993d146949b7408dd957e5006c497122278ed1f61588_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:eaea4dc18044bfaaa1991ed68d8e9364c5ed2c90611270ed107e0a63a4a77fbc_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:665af6eb855ed08e7838035e6748f3a137ae6801023a93c82fcaff4b736fd317_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:21ca09549d861d2525d5eecc22cd2be58bc6a497d75e63c27ae9a943e6315994_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:3087b2c66b04b6877bbd7c104c70cea5f7c692b6137c96751ccbff726886676f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:7401dc7124e10ef4d9c8dc195c975543551c55b211e253a1ff19ae6586b43032_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b48ab8e510e1f9a632a6fbf08cbebeb30597f29a199473022f3b4550684587a4_s390x | — |
Workaround
|
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:36911a85237e694a9d25b1d552099ac7b8857885df699321b342e896d6cda2a2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:8aaadb49a5e00db67cd07a54ad5c2ab1867a0e381cf55e844f6a136eaa53ab37_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:f0467dba748db0e36cba44258502f2fe64806444a50f4684d0d1078d34932a6f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:fa02064a1c6f5571ce31054e66ea21c67bfed03fa8309182e0e2380e3249c960_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3e3d042ca0846b586fd71f1ebb031cca079b2fa7a30dbf71f809b6bcb910244b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:cb0c08a16a23196aaee5a3465b96eb9ea20a6867bd2fff35368563c2184dc762_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ddddee551b77222714cd9a9e47752e171cc900623bd77800269dead71452fe72_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ed7a17795034bc7a7727557fb002fdeb2ba32cd19afb13726567dd4231517031_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:46fa583c12ade492eac2b7f21f22554af4647dd6383a5e2f8f5fc44929a746b5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:5ed2e26a0997a3c9707851370dd701f1b921683c250f22dd8fbf42fa2ba504df_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86434a3a8b3213be2f9e5937d3bfc956e843a8c5e3434db5309f413b8d505b8c_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a8baa99bcc8a138eac44c74dd93dc67399d39124266f193fb4bb6152b2168909_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1f153c0a469504735e08a6ca0b4f2c40abd2544ddcaf8d319ebc184ca90fbb5e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:56e4c319d7c125148913e556564adc4a463cc6ec9763f8acc3c25dd2030b174a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7619729065c5e34d88cfdaab6ed2fded897921e463d767b5d15b6d182e9e05a7_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:f9cec96a7c2d3f78d39b801d4fc1849e9b81cd0b07d8646ec26d75e8dd60a0ad_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:28ba5c7fea09ad97ab13905092e49790a1462371588fc1372d7dd46b4ca09b7b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a63888f881b136cfaf7a4ee8f3498dd508a117363035385bebe361463bd1425c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:e4c891e4398e4b555d66a1c8fa5e38ce75b3105eda3e86b6cfac5807fb30714c_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f62e2ec352dfbb90d2130f3197c0a4347fa5c60c383fdd07dbcc520d6a1c28c4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:51354e4725847b641213aa4e7a1582131d81bc1b0a0613cfd97941087c80aaa0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:7b8a8d0473bd85405ebaa62a37458dbe0a48bd0b2963af9fcf09a5642fef2cdb_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:896db45925184a018bd68e966b83f5257730843832e3f3cc024bcf196f73b418_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b859148721ef0e1858586cc34ed89d005c64167e340de3a7702090c89d9d1209_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:1f13668479ff701caaf6bc9d3ff27234ceecf6f10eed81dc5ece1b380b4e15f3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e2ce69e75bf84535e96496d401a16a45bb6685e622f5b327d69d5afdf22519e7_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e43141b1a9c43505ed9e993d146949b7408dd957e5006c497122278ed1f61588_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:eaea4dc18044bfaaa1991ed68d8e9364c5ed2c90611270ed107e0a63a4a77fbc_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:21ca09549d861d2525d5eecc22cd2be58bc6a497d75e63c27ae9a943e6315994_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:3087b2c66b04b6877bbd7c104c70cea5f7c692b6137c96751ccbff726886676f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:7401dc7124e10ef4d9c8dc195c975543551c55b211e253a1ff19ae6586b43032_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b48ab8e510e1f9a632a6fbf08cbebeb30597f29a199473022f3b4550684587a4_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:665af6eb855ed08e7838035e6748f3a137ae6801023a93c82fcaff4b736fd317_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new version of Red Hat OpenShift distributed tracing platform (Jaeger) has been released",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:0522",
"url": "https://access.redhat.com/errata/RHSA-2025:0522"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger",
"url": "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_0522.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release",
"tracking": {
"current_release_date": "2026-06-02T21:38:40+00:00",
"generator": {
"date": "2026-06-02T21:38:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:0522",
"initial_release_date": "2025-01-21T15:04:18+00:00",
"revision_history": [
{
"date": "2025-01-21T15:04:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-03-25T20:51:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T21:38:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift distributed tracing 3.4",
"product": {
"name": "Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift distributed tracing"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:8aaadb49a5e00db67cd07a54ad5c2ab1867a0e381cf55e844f6a136eaa53ab37_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:8aaadb49a5e00db67cd07a54ad5c2ab1867a0e381cf55e844f6a136eaa53ab37_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:8aaadb49a5e00db67cd07a54ad5c2ab1867a0e381cf55e844f6a136eaa53ab37_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A8aaadb49a5e00db67cd07a54ad5c2ab1867a0e381cf55e844f6a136eaa53ab37?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:cb0c08a16a23196aaee5a3465b96eb9ea20a6867bd2fff35368563c2184dc762_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:cb0c08a16a23196aaee5a3465b96eb9ea20a6867bd2fff35368563c2184dc762_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:cb0c08a16a23196aaee5a3465b96eb9ea20a6867bd2fff35368563c2184dc762_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Acb0c08a16a23196aaee5a3465b96eb9ea20a6867bd2fff35368563c2184dc762?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:665af6eb855ed08e7838035e6748f3a137ae6801023a93c82fcaff4b736fd317_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:665af6eb855ed08e7838035e6748f3a137ae6801023a93c82fcaff4b736fd317_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:665af6eb855ed08e7838035e6748f3a137ae6801023a93c82fcaff4b736fd317_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-operator-bundle@sha256%3A665af6eb855ed08e7838035e6748f3a137ae6801023a93c82fcaff4b736fd317?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:46fa583c12ade492eac2b7f21f22554af4647dd6383a5e2f8f5fc44929a746b5_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:46fa583c12ade492eac2b7f21f22554af4647dd6383a5e2f8f5fc44929a746b5_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:46fa583c12ade492eac2b7f21f22554af4647dd6383a5e2f8f5fc44929a746b5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A46fa583c12ade492eac2b7f21f22554af4647dd6383a5e2f8f5fc44929a746b5?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:56e4c319d7c125148913e556564adc4a463cc6ec9763f8acc3c25dd2030b174a_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:56e4c319d7c125148913e556564adc4a463cc6ec9763f8acc3c25dd2030b174a_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:56e4c319d7c125148913e556564adc4a463cc6ec9763f8acc3c25dd2030b174a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A56e4c319d7c125148913e556564adc4a463cc6ec9763f8acc3c25dd2030b174a?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f62e2ec352dfbb90d2130f3197c0a4347fa5c60c383fdd07dbcc520d6a1c28c4_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f62e2ec352dfbb90d2130f3197c0a4347fa5c60c383fdd07dbcc520d6a1c28c4_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f62e2ec352dfbb90d2130f3197c0a4347fa5c60c383fdd07dbcc520d6a1c28c4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Af62e2ec352dfbb90d2130f3197c0a4347fa5c60c383fdd07dbcc520d6a1c28c4?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:51354e4725847b641213aa4e7a1582131d81bc1b0a0613cfd97941087c80aaa0_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:51354e4725847b641213aa4e7a1582131d81bc1b0a0613cfd97941087c80aaa0_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:51354e4725847b641213aa4e7a1582131d81bc1b0a0613cfd97941087c80aaa0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3A51354e4725847b641213aa4e7a1582131d81bc1b0a0613cfd97941087c80aaa0?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:7401dc7124e10ef4d9c8dc195c975543551c55b211e253a1ff19ae6586b43032_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:7401dc7124e10ef4d9c8dc195c975543551c55b211e253a1ff19ae6586b43032_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:7401dc7124e10ef4d9c8dc195c975543551c55b211e253a1ff19ae6586b43032_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3A7401dc7124e10ef4d9c8dc195c975543551c55b211e253a1ff19ae6586b43032?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:1f13668479ff701caaf6bc9d3ff27234ceecf6f10eed81dc5ece1b380b4e15f3_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:1f13668479ff701caaf6bc9d3ff27234ceecf6f10eed81dc5ece1b380b4e15f3_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:1f13668479ff701caaf6bc9d3ff27234ceecf6f10eed81dc5ece1b380b4e15f3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3A1f13668479ff701caaf6bc9d3ff27234ceecf6f10eed81dc5ece1b380b4e15f3?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:36911a85237e694a9d25b1d552099ac7b8857885df699321b342e896d6cda2a2_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:36911a85237e694a9d25b1d552099ac7b8857885df699321b342e896d6cda2a2_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:36911a85237e694a9d25b1d552099ac7b8857885df699321b342e896d6cda2a2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A36911a85237e694a9d25b1d552099ac7b8857885df699321b342e896d6cda2a2?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ddddee551b77222714cd9a9e47752e171cc900623bd77800269dead71452fe72_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ddddee551b77222714cd9a9e47752e171cc900623bd77800269dead71452fe72_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ddddee551b77222714cd9a9e47752e171cc900623bd77800269dead71452fe72_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Addddee551b77222714cd9a9e47752e171cc900623bd77800269dead71452fe72?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86434a3a8b3213be2f9e5937d3bfc956e843a8c5e3434db5309f413b8d505b8c_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86434a3a8b3213be2f9e5937d3bfc956e843a8c5e3434db5309f413b8d505b8c_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86434a3a8b3213be2f9e5937d3bfc956e843a8c5e3434db5309f413b8d505b8c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A86434a3a8b3213be2f9e5937d3bfc956e843a8c5e3434db5309f413b8d505b8c?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7619729065c5e34d88cfdaab6ed2fded897921e463d767b5d15b6d182e9e05a7_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7619729065c5e34d88cfdaab6ed2fded897921e463d767b5d15b6d182e9e05a7_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7619729065c5e34d88cfdaab6ed2fded897921e463d767b5d15b6d182e9e05a7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A7619729065c5e34d88cfdaab6ed2fded897921e463d767b5d15b6d182e9e05a7?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:e4c891e4398e4b555d66a1c8fa5e38ce75b3105eda3e86b6cfac5807fb30714c_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:e4c891e4398e4b555d66a1c8fa5e38ce75b3105eda3e86b6cfac5807fb30714c_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:e4c891e4398e4b555d66a1c8fa5e38ce75b3105eda3e86b6cfac5807fb30714c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Ae4c891e4398e4b555d66a1c8fa5e38ce75b3105eda3e86b6cfac5807fb30714c?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:896db45925184a018bd68e966b83f5257730843832e3f3cc024bcf196f73b418_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:896db45925184a018bd68e966b83f5257730843832e3f3cc024bcf196f73b418_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:896db45925184a018bd68e966b83f5257730843832e3f3cc024bcf196f73b418_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3A896db45925184a018bd68e966b83f5257730843832e3f3cc024bcf196f73b418?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:21ca09549d861d2525d5eecc22cd2be58bc6a497d75e63c27ae9a943e6315994_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:21ca09549d861d2525d5eecc22cd2be58bc6a497d75e63c27ae9a943e6315994_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:21ca09549d861d2525d5eecc22cd2be58bc6a497d75e63c27ae9a943e6315994_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3A21ca09549d861d2525d5eecc22cd2be58bc6a497d75e63c27ae9a943e6315994?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e2ce69e75bf84535e96496d401a16a45bb6685e622f5b327d69d5afdf22519e7_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e2ce69e75bf84535e96496d401a16a45bb6685e622f5b327d69d5afdf22519e7_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e2ce69e75bf84535e96496d401a16a45bb6685e622f5b327d69d5afdf22519e7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3Ae2ce69e75bf84535e96496d401a16a45bb6685e622f5b327d69d5afdf22519e7?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:f0467dba748db0e36cba44258502f2fe64806444a50f4684d0d1078d34932a6f_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:f0467dba748db0e36cba44258502f2fe64806444a50f4684d0d1078d34932a6f_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:f0467dba748db0e36cba44258502f2fe64806444a50f4684d0d1078d34932a6f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3Af0467dba748db0e36cba44258502f2fe64806444a50f4684d0d1078d34932a6f?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3e3d042ca0846b586fd71f1ebb031cca079b2fa7a30dbf71f809b6bcb910244b_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3e3d042ca0846b586fd71f1ebb031cca079b2fa7a30dbf71f809b6bcb910244b_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3e3d042ca0846b586fd71f1ebb031cca079b2fa7a30dbf71f809b6bcb910244b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A3e3d042ca0846b586fd71f1ebb031cca079b2fa7a30dbf71f809b6bcb910244b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a8baa99bcc8a138eac44c74dd93dc67399d39124266f193fb4bb6152b2168909_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a8baa99bcc8a138eac44c74dd93dc67399d39124266f193fb4bb6152b2168909_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a8baa99bcc8a138eac44c74dd93dc67399d39124266f193fb4bb6152b2168909_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3Aa8baa99bcc8a138eac44c74dd93dc67399d39124266f193fb4bb6152b2168909?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1f153c0a469504735e08a6ca0b4f2c40abd2544ddcaf8d319ebc184ca90fbb5e_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1f153c0a469504735e08a6ca0b4f2c40abd2544ddcaf8d319ebc184ca90fbb5e_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1f153c0a469504735e08a6ca0b4f2c40abd2544ddcaf8d319ebc184ca90fbb5e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A1f153c0a469504735e08a6ca0b4f2c40abd2544ddcaf8d319ebc184ca90fbb5e?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:28ba5c7fea09ad97ab13905092e49790a1462371588fc1372d7dd46b4ca09b7b_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:28ba5c7fea09ad97ab13905092e49790a1462371588fc1372d7dd46b4ca09b7b_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:28ba5c7fea09ad97ab13905092e49790a1462371588fc1372d7dd46b4ca09b7b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A28ba5c7fea09ad97ab13905092e49790a1462371588fc1372d7dd46b4ca09b7b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:7b8a8d0473bd85405ebaa62a37458dbe0a48bd0b2963af9fcf09a5642fef2cdb_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:7b8a8d0473bd85405ebaa62a37458dbe0a48bd0b2963af9fcf09a5642fef2cdb_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:7b8a8d0473bd85405ebaa62a37458dbe0a48bd0b2963af9fcf09a5642fef2cdb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3A7b8a8d0473bd85405ebaa62a37458dbe0a48bd0b2963af9fcf09a5642fef2cdb?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:3087b2c66b04b6877bbd7c104c70cea5f7c692b6137c96751ccbff726886676f_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:3087b2c66b04b6877bbd7c104c70cea5f7c692b6137c96751ccbff726886676f_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:3087b2c66b04b6877bbd7c104c70cea5f7c692b6137c96751ccbff726886676f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3A3087b2c66b04b6877bbd7c104c70cea5f7c692b6137c96751ccbff726886676f?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e43141b1a9c43505ed9e993d146949b7408dd957e5006c497122278ed1f61588_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e43141b1a9c43505ed9e993d146949b7408dd957e5006c497122278ed1f61588_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e43141b1a9c43505ed9e993d146949b7408dd957e5006c497122278ed1f61588_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3Ae43141b1a9c43505ed9e993d146949b7408dd957e5006c497122278ed1f61588?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:fa02064a1c6f5571ce31054e66ea21c67bfed03fa8309182e0e2380e3249c960_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:fa02064a1c6f5571ce31054e66ea21c67bfed03fa8309182e0e2380e3249c960_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:fa02064a1c6f5571ce31054e66ea21c67bfed03fa8309182e0e2380e3249c960_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3Afa02064a1c6f5571ce31054e66ea21c67bfed03fa8309182e0e2380e3249c960?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ed7a17795034bc7a7727557fb002fdeb2ba32cd19afb13726567dd4231517031_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ed7a17795034bc7a7727557fb002fdeb2ba32cd19afb13726567dd4231517031_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ed7a17795034bc7a7727557fb002fdeb2ba32cd19afb13726567dd4231517031_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Aed7a17795034bc7a7727557fb002fdeb2ba32cd19afb13726567dd4231517031?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:5ed2e26a0997a3c9707851370dd701f1b921683c250f22dd8fbf42fa2ba504df_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:5ed2e26a0997a3c9707851370dd701f1b921683c250f22dd8fbf42fa2ba504df_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:5ed2e26a0997a3c9707851370dd701f1b921683c250f22dd8fbf42fa2ba504df_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A5ed2e26a0997a3c9707851370dd701f1b921683c250f22dd8fbf42fa2ba504df?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:f9cec96a7c2d3f78d39b801d4fc1849e9b81cd0b07d8646ec26d75e8dd60a0ad_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:f9cec96a7c2d3f78d39b801d4fc1849e9b81cd0b07d8646ec26d75e8dd60a0ad_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:f9cec96a7c2d3f78d39b801d4fc1849e9b81cd0b07d8646ec26d75e8dd60a0ad_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3Af9cec96a7c2d3f78d39b801d4fc1849e9b81cd0b07d8646ec26d75e8dd60a0ad?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a63888f881b136cfaf7a4ee8f3498dd508a117363035385bebe361463bd1425c_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a63888f881b136cfaf7a4ee8f3498dd508a117363035385bebe361463bd1425c_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a63888f881b136cfaf7a4ee8f3498dd508a117363035385bebe361463bd1425c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Aa63888f881b136cfaf7a4ee8f3498dd508a117363035385bebe361463bd1425c?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b859148721ef0e1858586cc34ed89d005c64167e340de3a7702090c89d9d1209_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b859148721ef0e1858586cc34ed89d005c64167e340de3a7702090c89d9d1209_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b859148721ef0e1858586cc34ed89d005c64167e340de3a7702090c89d9d1209_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3Ab859148721ef0e1858586cc34ed89d005c64167e340de3a7702090c89d9d1209?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b48ab8e510e1f9a632a6fbf08cbebeb30597f29a199473022f3b4550684587a4_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b48ab8e510e1f9a632a6fbf08cbebeb30597f29a199473022f3b4550684587a4_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b48ab8e510e1f9a632a6fbf08cbebeb30597f29a199473022f3b4550684587a4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3Ab48ab8e510e1f9a632a6fbf08cbebeb30597f29a199473022f3b4550684587a4?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:eaea4dc18044bfaaa1991ed68d8e9364c5ed2c90611270ed107e0a63a4a77fbc_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:eaea4dc18044bfaaa1991ed68d8e9364c5ed2c90611270ed107e0a63a4a77fbc_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:eaea4dc18044bfaaa1991ed68d8e9364c5ed2c90611270ed107e0a63a4a77fbc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3Aeaea4dc18044bfaaa1991ed68d8e9364c5ed2c90611270ed107e0a63a4a77fbc?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:36911a85237e694a9d25b1d552099ac7b8857885df699321b342e896d6cda2a2_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:36911a85237e694a9d25b1d552099ac7b8857885df699321b342e896d6cda2a2_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:36911a85237e694a9d25b1d552099ac7b8857885df699321b342e896d6cda2a2_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:8aaadb49a5e00db67cd07a54ad5c2ab1867a0e381cf55e844f6a136eaa53ab37_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:8aaadb49a5e00db67cd07a54ad5c2ab1867a0e381cf55e844f6a136eaa53ab37_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:8aaadb49a5e00db67cd07a54ad5c2ab1867a0e381cf55e844f6a136eaa53ab37_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:f0467dba748db0e36cba44258502f2fe64806444a50f4684d0d1078d34932a6f_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:f0467dba748db0e36cba44258502f2fe64806444a50f4684d0d1078d34932a6f_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:f0467dba748db0e36cba44258502f2fe64806444a50f4684d0d1078d34932a6f_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:fa02064a1c6f5571ce31054e66ea21c67bfed03fa8309182e0e2380e3249c960_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:fa02064a1c6f5571ce31054e66ea21c67bfed03fa8309182e0e2380e3249c960_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:fa02064a1c6f5571ce31054e66ea21c67bfed03fa8309182e0e2380e3249c960_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3e3d042ca0846b586fd71f1ebb031cca079b2fa7a30dbf71f809b6bcb910244b_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3e3d042ca0846b586fd71f1ebb031cca079b2fa7a30dbf71f809b6bcb910244b_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3e3d042ca0846b586fd71f1ebb031cca079b2fa7a30dbf71f809b6bcb910244b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:cb0c08a16a23196aaee5a3465b96eb9ea20a6867bd2fff35368563c2184dc762_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:cb0c08a16a23196aaee5a3465b96eb9ea20a6867bd2fff35368563c2184dc762_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:cb0c08a16a23196aaee5a3465b96eb9ea20a6867bd2fff35368563c2184dc762_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ddddee551b77222714cd9a9e47752e171cc900623bd77800269dead71452fe72_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ddddee551b77222714cd9a9e47752e171cc900623bd77800269dead71452fe72_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ddddee551b77222714cd9a9e47752e171cc900623bd77800269dead71452fe72_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ed7a17795034bc7a7727557fb002fdeb2ba32cd19afb13726567dd4231517031_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ed7a17795034bc7a7727557fb002fdeb2ba32cd19afb13726567dd4231517031_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ed7a17795034bc7a7727557fb002fdeb2ba32cd19afb13726567dd4231517031_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:46fa583c12ade492eac2b7f21f22554af4647dd6383a5e2f8f5fc44929a746b5_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:46fa583c12ade492eac2b7f21f22554af4647dd6383a5e2f8f5fc44929a746b5_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:46fa583c12ade492eac2b7f21f22554af4647dd6383a5e2f8f5fc44929a746b5_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:5ed2e26a0997a3c9707851370dd701f1b921683c250f22dd8fbf42fa2ba504df_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:5ed2e26a0997a3c9707851370dd701f1b921683c250f22dd8fbf42fa2ba504df_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:5ed2e26a0997a3c9707851370dd701f1b921683c250f22dd8fbf42fa2ba504df_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86434a3a8b3213be2f9e5937d3bfc956e843a8c5e3434db5309f413b8d505b8c_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86434a3a8b3213be2f9e5937d3bfc956e843a8c5e3434db5309f413b8d505b8c_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86434a3a8b3213be2f9e5937d3bfc956e843a8c5e3434db5309f413b8d505b8c_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a8baa99bcc8a138eac44c74dd93dc67399d39124266f193fb4bb6152b2168909_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a8baa99bcc8a138eac44c74dd93dc67399d39124266f193fb4bb6152b2168909_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a8baa99bcc8a138eac44c74dd93dc67399d39124266f193fb4bb6152b2168909_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1f153c0a469504735e08a6ca0b4f2c40abd2544ddcaf8d319ebc184ca90fbb5e_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1f153c0a469504735e08a6ca0b4f2c40abd2544ddcaf8d319ebc184ca90fbb5e_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1f153c0a469504735e08a6ca0b4f2c40abd2544ddcaf8d319ebc184ca90fbb5e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:56e4c319d7c125148913e556564adc4a463cc6ec9763f8acc3c25dd2030b174a_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:56e4c319d7c125148913e556564adc4a463cc6ec9763f8acc3c25dd2030b174a_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:56e4c319d7c125148913e556564adc4a463cc6ec9763f8acc3c25dd2030b174a_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7619729065c5e34d88cfdaab6ed2fded897921e463d767b5d15b6d182e9e05a7_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7619729065c5e34d88cfdaab6ed2fded897921e463d767b5d15b6d182e9e05a7_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7619729065c5e34d88cfdaab6ed2fded897921e463d767b5d15b6d182e9e05a7_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:f9cec96a7c2d3f78d39b801d4fc1849e9b81cd0b07d8646ec26d75e8dd60a0ad_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:f9cec96a7c2d3f78d39b801d4fc1849e9b81cd0b07d8646ec26d75e8dd60a0ad_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:f9cec96a7c2d3f78d39b801d4fc1849e9b81cd0b07d8646ec26d75e8dd60a0ad_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:28ba5c7fea09ad97ab13905092e49790a1462371588fc1372d7dd46b4ca09b7b_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:28ba5c7fea09ad97ab13905092e49790a1462371588fc1372d7dd46b4ca09b7b_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:28ba5c7fea09ad97ab13905092e49790a1462371588fc1372d7dd46b4ca09b7b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a63888f881b136cfaf7a4ee8f3498dd508a117363035385bebe361463bd1425c_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a63888f881b136cfaf7a4ee8f3498dd508a117363035385bebe361463bd1425c_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a63888f881b136cfaf7a4ee8f3498dd508a117363035385bebe361463bd1425c_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:e4c891e4398e4b555d66a1c8fa5e38ce75b3105eda3e86b6cfac5807fb30714c_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:e4c891e4398e4b555d66a1c8fa5e38ce75b3105eda3e86b6cfac5807fb30714c_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:e4c891e4398e4b555d66a1c8fa5e38ce75b3105eda3e86b6cfac5807fb30714c_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f62e2ec352dfbb90d2130f3197c0a4347fa5c60c383fdd07dbcc520d6a1c28c4_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f62e2ec352dfbb90d2130f3197c0a4347fa5c60c383fdd07dbcc520d6a1c28c4_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f62e2ec352dfbb90d2130f3197c0a4347fa5c60c383fdd07dbcc520d6a1c28c4_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:51354e4725847b641213aa4e7a1582131d81bc1b0a0613cfd97941087c80aaa0_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:51354e4725847b641213aa4e7a1582131d81bc1b0a0613cfd97941087c80aaa0_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:51354e4725847b641213aa4e7a1582131d81bc1b0a0613cfd97941087c80aaa0_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:7b8a8d0473bd85405ebaa62a37458dbe0a48bd0b2963af9fcf09a5642fef2cdb_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:7b8a8d0473bd85405ebaa62a37458dbe0a48bd0b2963af9fcf09a5642fef2cdb_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:7b8a8d0473bd85405ebaa62a37458dbe0a48bd0b2963af9fcf09a5642fef2cdb_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:896db45925184a018bd68e966b83f5257730843832e3f3cc024bcf196f73b418_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:896db45925184a018bd68e966b83f5257730843832e3f3cc024bcf196f73b418_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:896db45925184a018bd68e966b83f5257730843832e3f3cc024bcf196f73b418_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b859148721ef0e1858586cc34ed89d005c64167e340de3a7702090c89d9d1209_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b859148721ef0e1858586cc34ed89d005c64167e340de3a7702090c89d9d1209_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b859148721ef0e1858586cc34ed89d005c64167e340de3a7702090c89d9d1209_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:665af6eb855ed08e7838035e6748f3a137ae6801023a93c82fcaff4b736fd317_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:665af6eb855ed08e7838035e6748f3a137ae6801023a93c82fcaff4b736fd317_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:665af6eb855ed08e7838035e6748f3a137ae6801023a93c82fcaff4b736fd317_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:1f13668479ff701caaf6bc9d3ff27234ceecf6f10eed81dc5ece1b380b4e15f3_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:1f13668479ff701caaf6bc9d3ff27234ceecf6f10eed81dc5ece1b380b4e15f3_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:1f13668479ff701caaf6bc9d3ff27234ceecf6f10eed81dc5ece1b380b4e15f3_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e2ce69e75bf84535e96496d401a16a45bb6685e622f5b327d69d5afdf22519e7_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e2ce69e75bf84535e96496d401a16a45bb6685e622f5b327d69d5afdf22519e7_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e2ce69e75bf84535e96496d401a16a45bb6685e622f5b327d69d5afdf22519e7_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e43141b1a9c43505ed9e993d146949b7408dd957e5006c497122278ed1f61588_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e43141b1a9c43505ed9e993d146949b7408dd957e5006c497122278ed1f61588_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e43141b1a9c43505ed9e993d146949b7408dd957e5006c497122278ed1f61588_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:eaea4dc18044bfaaa1991ed68d8e9364c5ed2c90611270ed107e0a63a4a77fbc_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:eaea4dc18044bfaaa1991ed68d8e9364c5ed2c90611270ed107e0a63a4a77fbc_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:eaea4dc18044bfaaa1991ed68d8e9364c5ed2c90611270ed107e0a63a4a77fbc_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:21ca09549d861d2525d5eecc22cd2be58bc6a497d75e63c27ae9a943e6315994_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:21ca09549d861d2525d5eecc22cd2be58bc6a497d75e63c27ae9a943e6315994_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:21ca09549d861d2525d5eecc22cd2be58bc6a497d75e63c27ae9a943e6315994_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:3087b2c66b04b6877bbd7c104c70cea5f7c692b6137c96751ccbff726886676f_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:3087b2c66b04b6877bbd7c104c70cea5f7c692b6137c96751ccbff726886676f_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:3087b2c66b04b6877bbd7c104c70cea5f7c692b6137c96751ccbff726886676f_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:7401dc7124e10ef4d9c8dc195c975543551c55b211e253a1ff19ae6586b43032_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:7401dc7124e10ef4d9c8dc195c975543551c55b211e253a1ff19ae6586b43032_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:7401dc7124e10ef4d9c8dc195c975543551c55b211e253a1ff19ae6586b43032_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b48ab8e510e1f9a632a6fbf08cbebeb30597f29a199473022f3b4550684587a4_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b48ab8e510e1f9a632a6fbf08cbebeb30597f29a199473022f3b4550684587a4_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b48ab8e510e1f9a632a6fbf08cbebeb30597f29a199473022f3b4550684587a4_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:665af6eb855ed08e7838035e6748f3a137ae6801023a93c82fcaff4b736fd317_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:21ca09549d861d2525d5eecc22cd2be58bc6a497d75e63c27ae9a943e6315994_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:3087b2c66b04b6877bbd7c104c70cea5f7c692b6137c96751ccbff726886676f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:7401dc7124e10ef4d9c8dc195c975543551c55b211e253a1ff19ae6586b43032_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b48ab8e510e1f9a632a6fbf08cbebeb30597f29a199473022f3b4550684587a4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux (RHEL) 8 \u0026 9 and Red Hat OpenShift are marked as not affected because it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:36911a85237e694a9d25b1d552099ac7b8857885df699321b342e896d6cda2a2_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:8aaadb49a5e00db67cd07a54ad5c2ab1867a0e381cf55e844f6a136eaa53ab37_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:f0467dba748db0e36cba44258502f2fe64806444a50f4684d0d1078d34932a6f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:fa02064a1c6f5571ce31054e66ea21c67bfed03fa8309182e0e2380e3249c960_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3e3d042ca0846b586fd71f1ebb031cca079b2fa7a30dbf71f809b6bcb910244b_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:cb0c08a16a23196aaee5a3465b96eb9ea20a6867bd2fff35368563c2184dc762_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ddddee551b77222714cd9a9e47752e171cc900623bd77800269dead71452fe72_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ed7a17795034bc7a7727557fb002fdeb2ba32cd19afb13726567dd4231517031_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:46fa583c12ade492eac2b7f21f22554af4647dd6383a5e2f8f5fc44929a746b5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:5ed2e26a0997a3c9707851370dd701f1b921683c250f22dd8fbf42fa2ba504df_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86434a3a8b3213be2f9e5937d3bfc956e843a8c5e3434db5309f413b8d505b8c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a8baa99bcc8a138eac44c74dd93dc67399d39124266f193fb4bb6152b2168909_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1f153c0a469504735e08a6ca0b4f2c40abd2544ddcaf8d319ebc184ca90fbb5e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:56e4c319d7c125148913e556564adc4a463cc6ec9763f8acc3c25dd2030b174a_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7619729065c5e34d88cfdaab6ed2fded897921e463d767b5d15b6d182e9e05a7_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:f9cec96a7c2d3f78d39b801d4fc1849e9b81cd0b07d8646ec26d75e8dd60a0ad_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:28ba5c7fea09ad97ab13905092e49790a1462371588fc1372d7dd46b4ca09b7b_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a63888f881b136cfaf7a4ee8f3498dd508a117363035385bebe361463bd1425c_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:e4c891e4398e4b555d66a1c8fa5e38ce75b3105eda3e86b6cfac5807fb30714c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f62e2ec352dfbb90d2130f3197c0a4347fa5c60c383fdd07dbcc520d6a1c28c4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:51354e4725847b641213aa4e7a1582131d81bc1b0a0613cfd97941087c80aaa0_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:7b8a8d0473bd85405ebaa62a37458dbe0a48bd0b2963af9fcf09a5642fef2cdb_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:896db45925184a018bd68e966b83f5257730843832e3f3cc024bcf196f73b418_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b859148721ef0e1858586cc34ed89d005c64167e340de3a7702090c89d9d1209_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:1f13668479ff701caaf6bc9d3ff27234ceecf6f10eed81dc5ece1b380b4e15f3_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e2ce69e75bf84535e96496d401a16a45bb6685e622f5b327d69d5afdf22519e7_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e43141b1a9c43505ed9e993d146949b7408dd957e5006c497122278ed1f61588_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:eaea4dc18044bfaaa1991ed68d8e9364c5ed2c90611270ed107e0a63a4a77fbc_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:665af6eb855ed08e7838035e6748f3a137ae6801023a93c82fcaff4b736fd317_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:21ca09549d861d2525d5eecc22cd2be58bc6a497d75e63c27ae9a943e6315994_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:3087b2c66b04b6877bbd7c104c70cea5f7c692b6137c96751ccbff726886676f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:7401dc7124e10ef4d9c8dc195c975543551c55b211e253a1ff19ae6586b43032_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b48ab8e510e1f9a632a6fbf08cbebeb30597f29a199473022f3b4550684587a4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-21T15:04:18+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:36911a85237e694a9d25b1d552099ac7b8857885df699321b342e896d6cda2a2_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:8aaadb49a5e00db67cd07a54ad5c2ab1867a0e381cf55e844f6a136eaa53ab37_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:f0467dba748db0e36cba44258502f2fe64806444a50f4684d0d1078d34932a6f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:fa02064a1c6f5571ce31054e66ea21c67bfed03fa8309182e0e2380e3249c960_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3e3d042ca0846b586fd71f1ebb031cca079b2fa7a30dbf71f809b6bcb910244b_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:cb0c08a16a23196aaee5a3465b96eb9ea20a6867bd2fff35368563c2184dc762_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ddddee551b77222714cd9a9e47752e171cc900623bd77800269dead71452fe72_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ed7a17795034bc7a7727557fb002fdeb2ba32cd19afb13726567dd4231517031_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:46fa583c12ade492eac2b7f21f22554af4647dd6383a5e2f8f5fc44929a746b5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:5ed2e26a0997a3c9707851370dd701f1b921683c250f22dd8fbf42fa2ba504df_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86434a3a8b3213be2f9e5937d3bfc956e843a8c5e3434db5309f413b8d505b8c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a8baa99bcc8a138eac44c74dd93dc67399d39124266f193fb4bb6152b2168909_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1f153c0a469504735e08a6ca0b4f2c40abd2544ddcaf8d319ebc184ca90fbb5e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:56e4c319d7c125148913e556564adc4a463cc6ec9763f8acc3c25dd2030b174a_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7619729065c5e34d88cfdaab6ed2fded897921e463d767b5d15b6d182e9e05a7_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:f9cec96a7c2d3f78d39b801d4fc1849e9b81cd0b07d8646ec26d75e8dd60a0ad_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:28ba5c7fea09ad97ab13905092e49790a1462371588fc1372d7dd46b4ca09b7b_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a63888f881b136cfaf7a4ee8f3498dd508a117363035385bebe361463bd1425c_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:e4c891e4398e4b555d66a1c8fa5e38ce75b3105eda3e86b6cfac5807fb30714c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f62e2ec352dfbb90d2130f3197c0a4347fa5c60c383fdd07dbcc520d6a1c28c4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:51354e4725847b641213aa4e7a1582131d81bc1b0a0613cfd97941087c80aaa0_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:7b8a8d0473bd85405ebaa62a37458dbe0a48bd0b2963af9fcf09a5642fef2cdb_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:896db45925184a018bd68e966b83f5257730843832e3f3cc024bcf196f73b418_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b859148721ef0e1858586cc34ed89d005c64167e340de3a7702090c89d9d1209_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:1f13668479ff701caaf6bc9d3ff27234ceecf6f10eed81dc5ece1b380b4e15f3_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e2ce69e75bf84535e96496d401a16a45bb6685e622f5b327d69d5afdf22519e7_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e43141b1a9c43505ed9e993d146949b7408dd957e5006c497122278ed1f61588_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:eaea4dc18044bfaaa1991ed68d8e9364c5ed2c90611270ed107e0a63a4a77fbc_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0522"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:36911a85237e694a9d25b1d552099ac7b8857885df699321b342e896d6cda2a2_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:8aaadb49a5e00db67cd07a54ad5c2ab1867a0e381cf55e844f6a136eaa53ab37_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:f0467dba748db0e36cba44258502f2fe64806444a50f4684d0d1078d34932a6f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:fa02064a1c6f5571ce31054e66ea21c67bfed03fa8309182e0e2380e3249c960_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3e3d042ca0846b586fd71f1ebb031cca079b2fa7a30dbf71f809b6bcb910244b_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:cb0c08a16a23196aaee5a3465b96eb9ea20a6867bd2fff35368563c2184dc762_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ddddee551b77222714cd9a9e47752e171cc900623bd77800269dead71452fe72_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ed7a17795034bc7a7727557fb002fdeb2ba32cd19afb13726567dd4231517031_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:46fa583c12ade492eac2b7f21f22554af4647dd6383a5e2f8f5fc44929a746b5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:5ed2e26a0997a3c9707851370dd701f1b921683c250f22dd8fbf42fa2ba504df_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86434a3a8b3213be2f9e5937d3bfc956e843a8c5e3434db5309f413b8d505b8c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a8baa99bcc8a138eac44c74dd93dc67399d39124266f193fb4bb6152b2168909_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1f153c0a469504735e08a6ca0b4f2c40abd2544ddcaf8d319ebc184ca90fbb5e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:56e4c319d7c125148913e556564adc4a463cc6ec9763f8acc3c25dd2030b174a_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7619729065c5e34d88cfdaab6ed2fded897921e463d767b5d15b6d182e9e05a7_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:f9cec96a7c2d3f78d39b801d4fc1849e9b81cd0b07d8646ec26d75e8dd60a0ad_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:28ba5c7fea09ad97ab13905092e49790a1462371588fc1372d7dd46b4ca09b7b_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a63888f881b136cfaf7a4ee8f3498dd508a117363035385bebe361463bd1425c_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:e4c891e4398e4b555d66a1c8fa5e38ce75b3105eda3e86b6cfac5807fb30714c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f62e2ec352dfbb90d2130f3197c0a4347fa5c60c383fdd07dbcc520d6a1c28c4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:51354e4725847b641213aa4e7a1582131d81bc1b0a0613cfd97941087c80aaa0_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:7b8a8d0473bd85405ebaa62a37458dbe0a48bd0b2963af9fcf09a5642fef2cdb_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:896db45925184a018bd68e966b83f5257730843832e3f3cc024bcf196f73b418_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b859148721ef0e1858586cc34ed89d005c64167e340de3a7702090c89d9d1209_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:665af6eb855ed08e7838035e6748f3a137ae6801023a93c82fcaff4b736fd317_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:1f13668479ff701caaf6bc9d3ff27234ceecf6f10eed81dc5ece1b380b4e15f3_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e2ce69e75bf84535e96496d401a16a45bb6685e622f5b327d69d5afdf22519e7_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e43141b1a9c43505ed9e993d146949b7408dd957e5006c497122278ed1f61588_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:eaea4dc18044bfaaa1991ed68d8e9364c5ed2c90611270ed107e0a63a4a77fbc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:21ca09549d861d2525d5eecc22cd2be58bc6a497d75e63c27ae9a943e6315994_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:3087b2c66b04b6877bbd7c104c70cea5f7c692b6137c96751ccbff726886676f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:7401dc7124e10ef4d9c8dc195c975543551c55b211e253a1ff19ae6586b43032_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b48ab8e510e1f9a632a6fbf08cbebeb30597f29a199473022f3b4550684587a4_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:36911a85237e694a9d25b1d552099ac7b8857885df699321b342e896d6cda2a2_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:8aaadb49a5e00db67cd07a54ad5c2ab1867a0e381cf55e844f6a136eaa53ab37_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:f0467dba748db0e36cba44258502f2fe64806444a50f4684d0d1078d34932a6f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:fa02064a1c6f5571ce31054e66ea21c67bfed03fa8309182e0e2380e3249c960_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3e3d042ca0846b586fd71f1ebb031cca079b2fa7a30dbf71f809b6bcb910244b_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:cb0c08a16a23196aaee5a3465b96eb9ea20a6867bd2fff35368563c2184dc762_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ddddee551b77222714cd9a9e47752e171cc900623bd77800269dead71452fe72_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ed7a17795034bc7a7727557fb002fdeb2ba32cd19afb13726567dd4231517031_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:46fa583c12ade492eac2b7f21f22554af4647dd6383a5e2f8f5fc44929a746b5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:5ed2e26a0997a3c9707851370dd701f1b921683c250f22dd8fbf42fa2ba504df_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86434a3a8b3213be2f9e5937d3bfc956e843a8c5e3434db5309f413b8d505b8c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a8baa99bcc8a138eac44c74dd93dc67399d39124266f193fb4bb6152b2168909_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1f153c0a469504735e08a6ca0b4f2c40abd2544ddcaf8d319ebc184ca90fbb5e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:56e4c319d7c125148913e556564adc4a463cc6ec9763f8acc3c25dd2030b174a_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7619729065c5e34d88cfdaab6ed2fded897921e463d767b5d15b6d182e9e05a7_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:f9cec96a7c2d3f78d39b801d4fc1849e9b81cd0b07d8646ec26d75e8dd60a0ad_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:28ba5c7fea09ad97ab13905092e49790a1462371588fc1372d7dd46b4ca09b7b_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a63888f881b136cfaf7a4ee8f3498dd508a117363035385bebe361463bd1425c_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:e4c891e4398e4b555d66a1c8fa5e38ce75b3105eda3e86b6cfac5807fb30714c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f62e2ec352dfbb90d2130f3197c0a4347fa5c60c383fdd07dbcc520d6a1c28c4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:51354e4725847b641213aa4e7a1582131d81bc1b0a0613cfd97941087c80aaa0_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:7b8a8d0473bd85405ebaa62a37458dbe0a48bd0b2963af9fcf09a5642fef2cdb_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:896db45925184a018bd68e966b83f5257730843832e3f3cc024bcf196f73b418_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b859148721ef0e1858586cc34ed89d005c64167e340de3a7702090c89d9d1209_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:665af6eb855ed08e7838035e6748f3a137ae6801023a93c82fcaff4b736fd317_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:1f13668479ff701caaf6bc9d3ff27234ceecf6f10eed81dc5ece1b380b4e15f3_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e2ce69e75bf84535e96496d401a16a45bb6685e622f5b327d69d5afdf22519e7_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e43141b1a9c43505ed9e993d146949b7408dd957e5006c497122278ed1f61588_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:eaea4dc18044bfaaa1991ed68d8e9364c5ed2c90611270ed107e0a63a4a77fbc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:21ca09549d861d2525d5eecc22cd2be58bc6a497d75e63c27ae9a943e6315994_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:3087b2c66b04b6877bbd7c104c70cea5f7c692b6137c96751ccbff726886676f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:7401dc7124e10ef4d9c8dc195c975543551c55b211e253a1ff19ae6586b43032_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b48ab8e510e1f9a632a6fbf08cbebeb30597f29a199473022f3b4550684587a4_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:665af6eb855ed08e7838035e6748f3a137ae6801023a93c82fcaff4b736fd317_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays that lead to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:36911a85237e694a9d25b1d552099ac7b8857885df699321b342e896d6cda2a2_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:8aaadb49a5e00db67cd07a54ad5c2ab1867a0e381cf55e844f6a136eaa53ab37_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:f0467dba748db0e36cba44258502f2fe64806444a50f4684d0d1078d34932a6f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:fa02064a1c6f5571ce31054e66ea21c67bfed03fa8309182e0e2380e3249c960_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3e3d042ca0846b586fd71f1ebb031cca079b2fa7a30dbf71f809b6bcb910244b_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:cb0c08a16a23196aaee5a3465b96eb9ea20a6867bd2fff35368563c2184dc762_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ddddee551b77222714cd9a9e47752e171cc900623bd77800269dead71452fe72_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ed7a17795034bc7a7727557fb002fdeb2ba32cd19afb13726567dd4231517031_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:46fa583c12ade492eac2b7f21f22554af4647dd6383a5e2f8f5fc44929a746b5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:5ed2e26a0997a3c9707851370dd701f1b921683c250f22dd8fbf42fa2ba504df_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86434a3a8b3213be2f9e5937d3bfc956e843a8c5e3434db5309f413b8d505b8c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a8baa99bcc8a138eac44c74dd93dc67399d39124266f193fb4bb6152b2168909_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1f153c0a469504735e08a6ca0b4f2c40abd2544ddcaf8d319ebc184ca90fbb5e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:56e4c319d7c125148913e556564adc4a463cc6ec9763f8acc3c25dd2030b174a_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7619729065c5e34d88cfdaab6ed2fded897921e463d767b5d15b6d182e9e05a7_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:f9cec96a7c2d3f78d39b801d4fc1849e9b81cd0b07d8646ec26d75e8dd60a0ad_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:28ba5c7fea09ad97ab13905092e49790a1462371588fc1372d7dd46b4ca09b7b_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a63888f881b136cfaf7a4ee8f3498dd508a117363035385bebe361463bd1425c_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:e4c891e4398e4b555d66a1c8fa5e38ce75b3105eda3e86b6cfac5807fb30714c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f62e2ec352dfbb90d2130f3197c0a4347fa5c60c383fdd07dbcc520d6a1c28c4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:51354e4725847b641213aa4e7a1582131d81bc1b0a0613cfd97941087c80aaa0_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:7b8a8d0473bd85405ebaa62a37458dbe0a48bd0b2963af9fcf09a5642fef2cdb_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:896db45925184a018bd68e966b83f5257730843832e3f3cc024bcf196f73b418_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b859148721ef0e1858586cc34ed89d005c64167e340de3a7702090c89d9d1209_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:1f13668479ff701caaf6bc9d3ff27234ceecf6f10eed81dc5ece1b380b4e15f3_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e2ce69e75bf84535e96496d401a16a45bb6685e622f5b327d69d5afdf22519e7_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e43141b1a9c43505ed9e993d146949b7408dd957e5006c497122278ed1f61588_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:eaea4dc18044bfaaa1991ed68d8e9364c5ed2c90611270ed107e0a63a4a77fbc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:21ca09549d861d2525d5eecc22cd2be58bc6a497d75e63c27ae9a943e6315994_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:3087b2c66b04b6877bbd7c104c70cea5f7c692b6137c96751ccbff726886676f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:7401dc7124e10ef4d9c8dc195c975543551c55b211e253a1ff19ae6586b43032_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b48ab8e510e1f9a632a6fbf08cbebeb30597f29a199473022f3b4550684587a4_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:665af6eb855ed08e7838035e6748f3a137ae6801023a93c82fcaff4b736fd317_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-21T15:04:18+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:36911a85237e694a9d25b1d552099ac7b8857885df699321b342e896d6cda2a2_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:8aaadb49a5e00db67cd07a54ad5c2ab1867a0e381cf55e844f6a136eaa53ab37_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:f0467dba748db0e36cba44258502f2fe64806444a50f4684d0d1078d34932a6f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:fa02064a1c6f5571ce31054e66ea21c67bfed03fa8309182e0e2380e3249c960_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3e3d042ca0846b586fd71f1ebb031cca079b2fa7a30dbf71f809b6bcb910244b_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:cb0c08a16a23196aaee5a3465b96eb9ea20a6867bd2fff35368563c2184dc762_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ddddee551b77222714cd9a9e47752e171cc900623bd77800269dead71452fe72_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ed7a17795034bc7a7727557fb002fdeb2ba32cd19afb13726567dd4231517031_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:46fa583c12ade492eac2b7f21f22554af4647dd6383a5e2f8f5fc44929a746b5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:5ed2e26a0997a3c9707851370dd701f1b921683c250f22dd8fbf42fa2ba504df_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86434a3a8b3213be2f9e5937d3bfc956e843a8c5e3434db5309f413b8d505b8c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a8baa99bcc8a138eac44c74dd93dc67399d39124266f193fb4bb6152b2168909_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1f153c0a469504735e08a6ca0b4f2c40abd2544ddcaf8d319ebc184ca90fbb5e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:56e4c319d7c125148913e556564adc4a463cc6ec9763f8acc3c25dd2030b174a_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7619729065c5e34d88cfdaab6ed2fded897921e463d767b5d15b6d182e9e05a7_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:f9cec96a7c2d3f78d39b801d4fc1849e9b81cd0b07d8646ec26d75e8dd60a0ad_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:28ba5c7fea09ad97ab13905092e49790a1462371588fc1372d7dd46b4ca09b7b_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a63888f881b136cfaf7a4ee8f3498dd508a117363035385bebe361463bd1425c_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:e4c891e4398e4b555d66a1c8fa5e38ce75b3105eda3e86b6cfac5807fb30714c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f62e2ec352dfbb90d2130f3197c0a4347fa5c60c383fdd07dbcc520d6a1c28c4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:51354e4725847b641213aa4e7a1582131d81bc1b0a0613cfd97941087c80aaa0_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:7b8a8d0473bd85405ebaa62a37458dbe0a48bd0b2963af9fcf09a5642fef2cdb_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:896db45925184a018bd68e966b83f5257730843832e3f3cc024bcf196f73b418_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b859148721ef0e1858586cc34ed89d005c64167e340de3a7702090c89d9d1209_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:1f13668479ff701caaf6bc9d3ff27234ceecf6f10eed81dc5ece1b380b4e15f3_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e2ce69e75bf84535e96496d401a16a45bb6685e622f5b327d69d5afdf22519e7_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e43141b1a9c43505ed9e993d146949b7408dd957e5006c497122278ed1f61588_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:eaea4dc18044bfaaa1991ed68d8e9364c5ed2c90611270ed107e0a63a4a77fbc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:21ca09549d861d2525d5eecc22cd2be58bc6a497d75e63c27ae9a943e6315994_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:3087b2c66b04b6877bbd7c104c70cea5f7c692b6137c96751ccbff726886676f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:7401dc7124e10ef4d9c8dc195c975543551c55b211e253a1ff19ae6586b43032_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b48ab8e510e1f9a632a6fbf08cbebeb30597f29a199473022f3b4550684587a4_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0522"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:36911a85237e694a9d25b1d552099ac7b8857885df699321b342e896d6cda2a2_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:8aaadb49a5e00db67cd07a54ad5c2ab1867a0e381cf55e844f6a136eaa53ab37_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:f0467dba748db0e36cba44258502f2fe64806444a50f4684d0d1078d34932a6f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:fa02064a1c6f5571ce31054e66ea21c67bfed03fa8309182e0e2380e3249c960_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3e3d042ca0846b586fd71f1ebb031cca079b2fa7a30dbf71f809b6bcb910244b_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:cb0c08a16a23196aaee5a3465b96eb9ea20a6867bd2fff35368563c2184dc762_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ddddee551b77222714cd9a9e47752e171cc900623bd77800269dead71452fe72_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ed7a17795034bc7a7727557fb002fdeb2ba32cd19afb13726567dd4231517031_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:46fa583c12ade492eac2b7f21f22554af4647dd6383a5e2f8f5fc44929a746b5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:5ed2e26a0997a3c9707851370dd701f1b921683c250f22dd8fbf42fa2ba504df_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:86434a3a8b3213be2f9e5937d3bfc956e843a8c5e3434db5309f413b8d505b8c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:a8baa99bcc8a138eac44c74dd93dc67399d39124266f193fb4bb6152b2168909_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1f153c0a469504735e08a6ca0b4f2c40abd2544ddcaf8d319ebc184ca90fbb5e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:56e4c319d7c125148913e556564adc4a463cc6ec9763f8acc3c25dd2030b174a_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7619729065c5e34d88cfdaab6ed2fded897921e463d767b5d15b6d182e9e05a7_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:f9cec96a7c2d3f78d39b801d4fc1849e9b81cd0b07d8646ec26d75e8dd60a0ad_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:28ba5c7fea09ad97ab13905092e49790a1462371588fc1372d7dd46b4ca09b7b_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a63888f881b136cfaf7a4ee8f3498dd508a117363035385bebe361463bd1425c_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:e4c891e4398e4b555d66a1c8fa5e38ce75b3105eda3e86b6cfac5807fb30714c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f62e2ec352dfbb90d2130f3197c0a4347fa5c60c383fdd07dbcc520d6a1c28c4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:51354e4725847b641213aa4e7a1582131d81bc1b0a0613cfd97941087c80aaa0_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:7b8a8d0473bd85405ebaa62a37458dbe0a48bd0b2963af9fcf09a5642fef2cdb_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:896db45925184a018bd68e966b83f5257730843832e3f3cc024bcf196f73b418_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b859148721ef0e1858586cc34ed89d005c64167e340de3a7702090c89d9d1209_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:665af6eb855ed08e7838035e6748f3a137ae6801023a93c82fcaff4b736fd317_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:1f13668479ff701caaf6bc9d3ff27234ceecf6f10eed81dc5ece1b380b4e15f3_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e2ce69e75bf84535e96496d401a16a45bb6685e622f5b327d69d5afdf22519e7_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e43141b1a9c43505ed9e993d146949b7408dd957e5006c497122278ed1f61588_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:eaea4dc18044bfaaa1991ed68d8e9364c5ed2c90611270ed107e0a63a4a77fbc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:21ca09549d861d2525d5eecc22cd2be58bc6a497d75e63c27ae9a943e6315994_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:3087b2c66b04b6877bbd7c104c70cea5f7c692b6137c96751ccbff726886676f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:7401dc7124e10ef4d9c8dc195c975543551c55b211e253a1ff19ae6586b43032_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b48ab8e510e1f9a632a6fbf08cbebeb30597f29a199473022f3b4550684587a4_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
}
]
}
RHSA-2025:0535
Vulnerability from csaf_redhat - Published: 2025-01-21 16:56 - Updated: 2026-06-02 21:38
A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cert-manager Operator for Red Hat OpenShift 1.15.0",
"title": "Topic"
},
{
"category": "general",
"text": "The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide certificates-as-a-service to developers working within your Kubernetes cluster.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:0535",
"url": "https://access.redhat.com/errata/RHSA-2025:0535"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html",
"url": "https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/OCPBUGS-23406",
"url": "https://issues.redhat.com/browse/OCPBUGS-23406"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/CM-356",
"url": "https://issues.redhat.com/browse/CM-356"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/CM-436",
"url": "https://issues.redhat.com/browse/CM-436"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_0535.json"
}
],
"title": "Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.15.0",
"tracking": {
"current_release_date": "2026-06-02T21:38:39+00:00",
"generator": {
"date": "2026-06-02T21:38:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:0535",
"initial_release_date": "2025-01-21T16:56:55+00:00",
"revision_history": [
{
"date": "2025-01-21T16:56:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-04-01T21:11:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T21:38:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "cert-manager operator for Red Hat OpenShift 1.15",
"product": {
"name": "cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cert_manager:1.15::el9"
}
}
}
],
"category": "product_family",
"name": "cert-manager operator for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64",
"product": {
"name": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64",
"product_id": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cert-manager-operator-rhel9@sha256%3Ab31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d?arch=amd64\u0026repository_url=registry.redhat.io/cert-manager"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x",
"product": {
"name": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x",
"product_id": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cert-manager-operator-rhel9@sha256%3A9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd?arch=s390x\u0026repository_url=registry.redhat.io/cert-manager"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le",
"product": {
"name": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le",
"product_id": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cert-manager-operator-rhel9@sha256%3A6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c?arch=ppc64le\u0026repository_url=registry.redhat.io/cert-manager"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64",
"product": {
"name": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64",
"product_id": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cert-manager-operator-rhel9@sha256%3A57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4?arch=arm64\u0026repository_url=registry.redhat.io/cert-manager"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64 as a component of cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64"
},
"product_reference": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le as a component of cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le"
},
"product_reference": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x as a component of cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x"
},
"product_reference": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64 as a component of cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64"
},
"product_reference": "registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-21T16:56:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used when installing the cert-manager Operator for Red Hat OpenShift.\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a new version of the Operator. No further action is required to upgrade. This is the default setting.\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\nSee \u0027https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html\u0027 for additional information.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0535"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-21T16:56:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used when installing the cert-manager Operator for Red Hat OpenShift.\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a new version of the Operator. No further action is required to upgrade. This is the default setting.\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\nSee \u0027https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html\u0027 for additional information.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:0535"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:57d8f4291874dd50be3775d987c1b16212845fd0bfb340bab21ddbd1e55d88b4_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:6060fe37af30baf972c0d6e6831c84c66fe5c7896b55ad0669c69a27a7905f4c_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:9bd140dec43638bbfb6878514e37c2f428b673d88c45c5bc6763aae701f338cd_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/cert-manager-operator-rhel9@sha256:b31cc2ba5ac8c6f18ee392a2193f81b3e4f4648a70549f2f5ada1d3c2bca500d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.